Unauthenticated Access to REST API Endpoints in Polarion ALM
CVE-2024-23813

7.3HIGH

Key Information:

Vendor: Siemens
Status: Polarion Alm
Vendor: CVE Published:; 13 February 2024

What is CVE-2024-23813?

A significant vulnerability exists in Polarion ALM, where the REST API endpoints of the doorsconnector are susceptible to improper authentication controls. This lack of security measures allows unauthenticated attackers to gain access to the REST API, creating a pathway for potential code execution and unauthorized actions within the application. It is crucial for organizations using Polarion ALM to implement robust security protocols and update to the latest version to mitigate associated risks.

Affected Version(s)

Polarion ALM 0

References

https://cert-portal.siemens.com/productcert/html/ssa-8717...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Jan 22, 2024

Siemens

What is CVE-2024-23813?

Affected Version(s)

References

CVSS V3.1

Timeline