CVE-2024-23813
published 2024-02-13CVE-2024-23813: A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lacks proper…
PriorityP267critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.56%
42.2th percentile
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | polarion_alm | < V2404.0 | V2404.0 |
| siemens | polarion_alm | < 2404.0 | 2404.0 |
Detection & IOCsextracted from sources · hover to see the quote
- →Target the unauthenticated REST API endpoints of the doorsconnector component in Polarion ALM — any unauthenticated HTTP request reaching these endpoints should be treated as suspicious. ↗
- →Monitor for inbound network connections to the doorsconnector endpoint from IP addresses other than the designated DOORS synchronization instance, as legitimate access should be restricted to that single IP. ↗
- →Alert on any HTTP requests to the doorsconnector endpoint path that lack authentication headers/tokens, particularly from external or unexpected source IPs. ↗
- ·If DOORS connector is not in use, the Apache configuration should explicitly deny all access to the doorsconnector endpoint to eliminate the attack surface entirely. ↗
- ·If DOORS connector is actively used, network-level access controls must restrict the doorsconnector endpoint to only the specific DOORS synchronization host IP; broad access leaves the unauthenticated RCE vector fully exposed. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f8v6-h8xc-6v8q: A vulnerability has been identified in Polarion ALM (All versions)
ghsa_unreviewed·2024-02-13
CVE-2024-23813 [HIGH] CWE-287 GHSA-f8v6-h8xc-6v8q: A vulnerability has been identified in Polarion ALM (All versions)
A vulnerability has been identified in Polarion ALM (All versions). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code.
CISA ICS
Siemens Polarion ALM
cisa_ics·2024-02-15·CVSS 7.8
[HIGH] Siemens Polarion ALM
ICS Advisory
##
Siemens Polarion ALM
Release DateFebruary 15, 2024
Alert CodeICSA-24-046-14
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Polarion ALM
- Vulnerabilities: Incorrect Default Permissions, Improper Authentication
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow unauthenticated access or privilege escalation.
## 3
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-02-13
Published