CVE-2024-33647

Published: May 14, 2024Modified: Aug 27, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: productcert@siemens.com (Secondary)

Description

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects.

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://cert-portal.siemens.com/productcert/html/ssa-925850.html

Source: productcert@siemens.com

https://cert-portal.siemens.com/productcert/html/ssa-925850.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.