Polarion
Products
2- 6 CVEs
- 1 CVE
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15789 | Hig | 0.53 | 8.1 | 0.00 | Sep 9, 2020 | A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by… | ||
| CVE-2024-23813 | Hig | 0.47 | 7.3 | 0.01 | Feb 13, 2024 | A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code. | ||
| CVE-2024-51445 | Med | 0.42 | 6.5 | 0.00 | May 13, 2025 | A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The affected application contains a XML External Entity Injection (XXE) vulnerability in the docx import feature. This could allow an authenticated remote attacker to… | ||
| CVE-2024-51444 | Med | 0.42 | 6.5 | 0.00 | May 13, 2025 | A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that… | ||
| CVE-2021-44478 | Med | 0.40 | 6.1 | 0.01 | Mar 8, 2022 | A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker… | ||
| CVE-2023-28828 | Med | 0.38 | 5.9 | 0.01 | Apr 11, 2023 | A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. | ||
| CVE-2022-46265 | Med | 0.35 | 5.4 | 0.00 | Dec 13, 2022 | A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host header information and redirect users to malicious websites. |
- risk 0.53cvss 8.1epss 0.00
A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by…
- risk 0.47cvss 7.3epss 0.01
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code.
- risk 0.42cvss 6.5epss 0.00
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The affected application contains a XML External Entity Injection (XXE) vulnerability in the docx import feature. This could allow an authenticated remote attacker to…
- risk 0.42cvss 6.5epss 0.00
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that…
- risk 0.40cvss 6.1epss 0.01
A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker…
- risk 0.38cvss 5.9epss 0.01
A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.
- risk 0.35cvss 5.4epss 0.00
A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host header information and redirect users to malicious websites.