cvebase

Siemens Polarion V2310 vulnerabilities

4 known vulnerabilities affecting siemens/polarion_v2310.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 4

Vulnerabilities

CVE-2024-51444 | P3 | MEDIUM | CVSS 6.5 | fixed in *2025-05-13
CWE-89. A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that bypasses authorization controls and allows to download any data from the
Source: nvd

CVE-2024-51445 | P3 | MEDIUM | CVSS 6.5 | fixed in *2025-05-13
CWE-611. A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The affected application contains an XML External Entity Injection (XXE) vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from the application server.
Source: nvd

CVE-2024-51447 | P4 | MEDIUM | CVSS 5.3 | fixed in *2025-05-13
CWE-204. A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This could allow an unauthenticated remote attacker to distinguish between valid and invalid usernames
Source: nvd

CVE-2024-51446 | P4 | MEDIUM | CVSS 5.4 | fixed in *2025-05-13
CWE-79. A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The file upload feature of the affected application improperly sanitizes xml files. This could allow an authenticated remote attacker to conduct a stored cross-site scripting attack by uploading specially crafted xml files that are later dow
Source: nvd