Unauthenticated Access to REST API Endpoints in Polarion ALM
CVE-2024-23813

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Polarion Alm
Vendor: CVE Published:; 13 February 2024

Summary

A significant vulnerability exists in Polarion ALM, where the REST API endpoints of the doorsconnector are susceptible to improper authentication controls. This lack of security measures allows unauthenticated attackers to gain access to the REST API, creating a pathway for potential code execution and unauthorized actions within the application. It is crucial for organizations using Polarion ALM to implement robust security protocols and update to the latest version to mitigate associated risks.

Affected Version(s)

Polarion ALM 0

References

https://cert-portal.siemens.com/productcert/html/ssa-8717...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Jan 22, 2024