CVE-2021-44478
Published 2022-03-08
Priority: P427 · Severity: medium · CVSS 3.1 base score: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.71% (49.1th percentile)
A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | polarion_alm | < 21.0 | 21.0 |
| siemens | polarion_alm | — | — |
| siemens | polarion_alm | — | — |
| siemens | polarion_webclient_for_svn | — | — |
CVSS provenance
- NVD, CVSS v3.1: 6.1 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
- NVD, CVSS v2.0: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CISA ICS
Siemens Polarion ALM (Update A) [MEDIUM]
cisa_ics · 2022-03-10 · CVSS 6.1
ICS Advisory: Siemens Polarion ALM (Update A)
Last Revised: April 14, 2022
Alert Code: ICSA-22-069-08
## 1. EXECUTIVE SUMMARY
- CVSS v3 6.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Polarion ALM
- Vulnerability: Cross-site Scripting
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-22-069-08 Siemens Polarion ALM that was published March 10, 2022, on the ICS webpage on www.cisa.gov/uscert.
## 3. RISK EVALUATION
Successful exploitation of this vulnerability could allow arbitrary code execution and
GHSA
GHSA-44g4-c9hw-qp42 (CVE-2021-44478, MEDIUM, CWE-79): A vulnerability has been identified in Polarion Subversion Webclient (V21 R1)
ghsa_unreviewed · 2022-03-09
A vulnerability has been identified in Polarion Subversion Webclient (V21 R1). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product.
An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-03-08