CVE-2024-23813
published 2024-02-13


Priority: P267 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.56% (42.2th percentile)
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lack proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code.

Affected (2 ranges)

Vendor    Product       Version range   Fixed in
siemens   polarion_alm  < V2404.0       V2404.0
siemens   polarion_alm  < 2404.0        2404.0

Detection & IOCs (extracted from sources)

  • Watch the REST API endpoints of the doorsconnector component in Polarion ALM: they require no authentication in affected versions, so any unauthenticated HTTP request reaching them should be treated as suspicious.
  • Monitor for inbound network connections to the doorsconnector endpoint from IP addresses other than the designated DOORS synchronization instance, since legitimate access should be restricted to that single IP.
  • Alert on any HTTP requests to the doorsconnector endpoint path that lack authentication headers or tokens, particularly from external or unexpected source IPs.
  • If the DOORS connector is not in use, the Apache configuration should explicitly deny all access to the doorsconnector endpoint to eliminate the attack surface entirely.
  • If the DOORS connector is actively used, network-level access controls must restrict the doorsconnector endpoint to the specific DOORS synchronization host IP only; broad access leaves the unauthenticated RCE vector fully exposed.
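A detection pass implementing the monitoring rules above, added here as an example (it is not from the Siemens advisory or this database page): it scans constructed Apache-style access-log lines and flags doorsconnector requests that come from any IP other than the DOORS synchronization host or that carry no Authorization header. The endpoint path prefix, the synchronization host address and the log lines are all assumptions made for the example.

```python
import re

# Assumptions (not from the advisory): the doorsconnector REST API is served under
# this path prefix, and this is the only host allowed to talk to it.
DOORSCONNECTOR_PREFIX = "/polarion/doorsconnector/"   # hypothetical path prefix
DOORS_SYNC_HOST = "10.10.5.20"                        # hypothetical allow-listed IP

# Apache combined-style log line, extended with the request's Authorization header
# (logged via %{Authorization}i, '-' when absent). Format constructed for this example.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<auth>[^"]*)"$'
)

def check_line(line):
    """Return the list of alert reasons for one log line (empty when benign)."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparseable log line"]
    if not m["path"].startswith(DOORSCONNECTOR_PREFIX):
        return []                      # not a doorsconnector request: out of scope
    reasons = []
    if m["ip"] != DOORS_SYNC_HOST:
        reasons.append(f"doorsconnector request from non-allowlisted IP {m['ip']}")
    if m["auth"] in ("", "-"):
        reasons.append("doorsconnector request without Authorization header")
    return reasons

def scan(lines):
    """Map each alerting line's index to its reasons; benign lines are omitted."""
    return {i: r for i, line in enumerate(lines) if (r := check_line(line))}

# Constructed sample log: one legitimate sync, one external unauthenticated probe,
# one unrelated request, and one request from the right host but without credentials.
SAMPLE_LOG = [
    '10.10.5.20 - - [13/Feb/2024:10:00:01 +0000] "POST /polarion/doorsconnector/sync HTTP/1.1" 200 512 "Basic Zm9vOmJhcg=="',
    '203.0.113.7 - - [13/Feb/2024:10:00:09 +0000] "GET /polarion/doorsconnector/projects HTTP/1.1" 200 2048 "-"',
    '198.51.100.4 - - [13/Feb/2024:10:00:15 +0000] "GET /polarion/ HTTP/1.1" 200 1024 "-"',
    '10.10.5.20 - - [13/Feb/2024:10:00:20 +0000] "POST /polarion/doorsconnector/sync HTTP/1.1" 200 512 "-"',
]

if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_LOG).items():
        print(f"line {idx}: " + "; ".join(reasons))
```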