Home

Description

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects.

PUBLISHED Reserved 2024-04-25 | Published 2024-05-14 | Updated 2025-08-27 | Assigner siemens




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-284: Improper Access Control

Product status

Default status
unknown

Any version before V2404.0
affected

References

cert-portal.siemens.com/productcert/html/ssa-925850.html

cve.org (CVE-2024-33647)

nvd.nist.gov (CVE-2024-33647)

Download JSON