Home

Description

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This could allow an unauthenticated remote attacker to distinguish between valid and invalid usernames.

PUBLISHED Reserved 2024-10-28 | Published 2025-05-13 | Updated 2025-05-13 | Assigner siemens




MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-204: Observable Response Discrepancy

Product status

Default status
unknown

Any version before *
affected

Default status
unknown

Any version before V2404.2
affected

References

cert-portal.siemens.com/productcert/html/ssa-162255.html

cve.org (CVE-2024-51447)

nvd.nist.gov (CVE-2024-51447)

Download JSON