VYPR

Polarion

by Siemens Foundation

CVEs (13)

  • CVE-2023-50236HigFeb 13, 2024
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT…

  • CVE-2025-40587HigFeb 10, 2026
    risk 0.49cvss 7.6epss 0.00

    A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in document titles. This could allow an authenticated remote attacker to conduct a…

  • CVE-2024-23813HigFeb 13, 2024
    risk 0.47cvss 7.3epss 0.01

    A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code.

  • CVE-2024-51446MedMay 13, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The file upload feature of the affected application improperly sanitizes xml files. This could allow an authenticated remote attacker to conduct a stored cross-site…

  • CVE-2024-51445MedMay 13, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The affected application contains a XML External Entity Injection (XXE) vulnerability in the docx import feature. This could allow an authenticated remote attacker to…

  • CVE-2024-51444MedMay 13, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that…

  • CVE-2021-44478MedMar 8, 2022
    risk 0.40cvss 6.1epss 0.01

    A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker…

  • CVE-2023-28828MedApr 11, 2023
    risk 0.38cvss 5.9epss 0.01

    A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.

  • CVE-2022-46265MedDec 13, 2022
    risk 0.35cvss 5.4epss 0.00

    A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host header information and redirect users to malicious websites.

  • CVE-2024-51447MedMay 13, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This could allow an…

  • CVE-2019-13936LowNov 27, 2019
    risk 0.23cvss 3.5epss 0.01

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a persistent XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2.

  • CVE-2019-13935LowNov 27, 2019
    risk 0.23cvss 3.5epss 0.01

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2.

  • CVE-2019-13934LowNov 27, 2019
    risk 0.23cvss 3.5epss 0.01

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2.