VYPR

Polarion ALM

by Siemens Foundation

CVEs (4)

  • CVE-2023-50236HigFeb 13, 2024
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT…

  • CVE-2024-23813HigFeb 13, 2024
    risk 0.47cvss 7.3epss 0.01

    A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code.

  • CVE-2024-33647MedMay 14, 2024
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects.

  • CVE-2022-46265MedDec 13, 2022
    risk 0.35cvss 5.4epss 0.00

    A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host header information and redirect users to malicious websites.