Home

Description

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM.

PUBLISHED Reserved 2023-12-05 | Published 2024-02-13 | Updated 2025-05-07 | Assigner siemens




HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Problem types

CWE-276: Incorrect Default Permissions

Product status

Default status
unknown

Any version before V2404.0
affected

References

cert-portal.siemens.com/productcert/html/ssa-871717.html

cve.org (CVE-2023-50236)

nvd.nist.gov (CVE-2023-50236)

Download JSON