CVE-2023-50236

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-871717.html	Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-871717.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:siemens:polarion_alm:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-02-13 09:15

Updated : 2024-11-21 08:36

NVD link : CVE-2023-50236

Mitre link : CVE-2023-50236

CVE.ORG link : CVE-2023-50236

JSON object : View

Products Affected

siemens

polarion_alm

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2023-50236", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-02-13T09:15:46.633", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-871717.html", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-871717.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\\SYSTEM."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Polarion ALM (todas las versiones). El producto afectado es vulnerable debido a permisos d\u00e9biles de archivos y carpetas en la ruta de instalaci\u00f3n. Un atacante con acceso local podr\u00eda aprovechar esta vulnerabilidad para escalar privilegios a NT AUTHORITY\\SYSTEM."}], "lastModified": "2024-11-21T08:36:43.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:polarion_alm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00E023E4-0221-4342-8EE3-9D6CA296BE82", "versionEndExcluding": "2404.0"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}