CVE-2023-28828

Published: Apr 11, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD (Secondary)

Description

A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.

Affected (1)

Products: Siemens: Polarion Alm

Siemens

1 product

Polarion Alm

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Polarion Alm	Before 2304.0

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-632164.pdf

Source: productcert@siemens.com

MitigationVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-632164.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.