Home

Description

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code.

PUBLISHED Reserved 2024-01-22 | Published 2024-02-13 | Updated 2025-05-09 | Assigner siemens




HIGH: 7.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Problem types

CWE-287: Improper Authentication

Product status

Default status
unknown

Any version before V2404.0
affected

References

cert-portal.siemens.com/productcert/html/ssa-871717.html

cert-portal.siemens.com/productcert/html/ssa-871717.html

cve.org (CVE-2024-23813)

nvd.nist.gov (CVE-2024-23813)

Download JSON