CVE-2024-33647
published 2024-05-14
CVE-2024-33647: A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper…
Priority P3 37 · medium · 6.5 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.42% (33.9th percentile)
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | polarion_alm | < V2404.0 | V2404.0 |
CISA ICS
Siemens Polarion ALM
cisa_ics·2024-05-16·CVSS 6.5
[MEDIUM] Siemens Polarion ALM
ICS Advisory
## Siemens Polarion ALM
Release Date: May 16, 2024
Alert Code: ICSA-24-137-04
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 7.1
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Polarion ALM
- Vulnerability: Improper Access Control
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an authenticated user to query items beyond the user's allowed projects.
## 3. TECHNICAL DETA
GHSA
GHSA-829x-599p-43vg: A vulnerability has been identified in Polarion ALM (All versions < V2404
ghsa_unreviewed·2024-05-14
CVE-2024-33647 [MEDIUM] CWE-284 GHSA-829x-599p-43vg: A vulnerability has been identified in Polarion ALM (All versions < V2404
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-05-14