Polarion ALM Vulnerability: Escalation of Privileges via Weak File and Folder Permissions
CVE-2023-50236

7.8HIGH

Key Information:

Vendor: Siemens
Status: Polarion Alm
Vendor: CVE Published:; 13 February 2024

Summary

A vulnerability has been discovered in Polarion ALM, affecting all versions prior to V2404.0, associated with inadequate file and folder permissions within the installation directory. This security flaw allows an attacker with local access to potentially escalate privileges to the level of NT AUTHORITY\SYSTEM, thereby gaining enhanced control and access to the system.

Affected Version(s)

Polarion ALM 0

References

https://cert-portal.siemens.com/productcert/html/ssa-8717...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Dec 5, 2023