cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-33647,https://securityvulnerability.io/vulnerability/CVE-2024-33647,Unauthorized Access to Project Data in Polarion ALM Due to Lack of Access Controls,A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects.,Siemens,Polarion Alm,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T10:03:08.350Z,0
CVE-2024-23813,https://securityvulnerability.io/vulnerability/CVE-2024-23813,Unauthenticated Access to REST API Endpoints in Polarion ALM,"A significant vulnerability exists in Polarion ALM, where the REST API endpoints of the doorsconnector are susceptible to improper authentication controls. This lack of security measures allows unauthenticated attackers to gain access to the REST API, creating a pathway for potential code execution and unauthorized actions within the application. It is crucial for organizations using Polarion ALM to implement robust security protocols and update to the latest version to mitigate associated risks.",Siemens,Polarion Alm,9.8,CRITICAL,0.0008900000248104334,false,,false,false,false,,false,false,2024-02-13T09:00:25.915Z,0
CVE-2023-50236,https://securityvulnerability.io/vulnerability/CVE-2023-50236,Polarion ALM Vulnerability: Escalation of Privileges via Weak File and Folder Permissions,"A vulnerability has been discovered in Polarion ALM, affecting all versions prior to V2404.0, associated with inadequate file and folder permissions within the installation directory. This security flaw allows an attacker with local access to potentially escalate privileges to the level of NT AUTHORITY\SYSTEM, thereby gaining enhanced control and access to the system.",Siemens,Polarion Alm,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-13T09:00:02.735Z,0
CVE-2023-28828,https://securityvulnerability.io/vulnerability/CVE-2023-28828,XML External Entity Injection Vulnerability in Polarion ALM by Siemens,"A vulnerability exists in Polarion ALM, where improper handling of XML input allows an attacker to leverage an XML External Entity Injection (XXE) exploit. This vulnerability could enable unauthorized access to sensitive files on the application server's filesystem, potentially leading to data exposure and subsequent misuse. Organizations using affected versions of Polarion ALM should prioritize addressing this flaw to maintain security and operational integrity.",Siemens,Polarion ALM,5.9,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2023-04-11T10:15:00.000Z,0
CVE-2022-46265,https://securityvulnerability.io/vulnerability/CVE-2022-46265,Host Header Injection Vulnerability in Polarion ALM by Siemens,"A vulnerability exists in Polarion ALM that allows attackers to manipulate the Host header. By exploiting this weakness, attackers can redirect users to malicious websites, potentially leading to phishing attacks or unauthorized access to sensitive information. It is crucial for organizations using affected versions to implement necessary security measures to mitigate risks associated with this vulnerability.",Siemens,Polarion ALM,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2022-12-13T00:00:00.000Z,0
CVE-2021-44478,https://securityvulnerability.io/vulnerability/CVE-2021-44478,,"A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges.",Siemens,"Polarion Alm,Polarion Webclient For Svn",6.1,MEDIUM,0.0008399999933317304,false,,false,false,false,,false,false,2022-03-08T11:31:24.000Z,0