CVE-2024-23813

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-871717.html	Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-871717.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:siemens:polarion_alm:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-02-13 09:15

Updated : 2024-11-21 08:58

NVD link : CVE-2024-23813

Mitre link : CVE-2024-23813

CVE.ORG link : CVE-2024-23813

JSON object : View

Products Affected

siemens

polarion_alm

CWE

CWE-287

Improper Authentication

{"id": "CVE-2024-23813", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-02-13T09:15:50.140", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-871717.html", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-871717.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Polarion ALM (todas las versiones). Los endpoints de la API REST del conector de puertas del producto afectado carecen de la autenticaci\u00f3n adecuada. Un atacante no autenticado podr\u00eda acceder a los endpoints y potencialmente ejecutar c\u00f3digo."}], "lastModified": "2024-11-21T08:58:28.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:polarion_alm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00E023E4-0221-4342-8EE3-9D6CA296BE82", "versionEndExcluding": "2404.0"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}