CVE-2024-33647

EUVD-2024-31363
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
siemensCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
siemenspolarion_alm
𝑥
< 2404.0
CNA
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/html/ssa-925850.html
https://cert-portal.siemens.com/productcert/html/ssa-925850.html