- Description: A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that bypasses authorization controls and allows them to download any data from the application's database.
- Source: productcert@siemens.com
- NVD status: Analyzed
- Products: polarion_alm
CVSS 4.0
- Type: Secondary
- Base score: 7.1
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Primary
- Base score: 6.5
- Impact score: 3.6
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity: MEDIUM
- productcert@siemens.com: CWE-89
CVE-2024-51444 SQL Injection Vulnerability in Polarion V2310 and V2404 Bypassing Authorization Controls https://t.co/YAEcmkKFim
@VulmonFeeds
13 May 2025
CVE-2024-51444 A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for… https://t.co/tRIrP8GYdt
@CVEnew
13 May 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:polarion_alm:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E432D0F7-0E9B-46C7-9A07-CB4DC920C8AB",
            "versionEndExcluding": "2404.4",
            "versionStartIncluding": "2404.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:siemens:polarion_alm:2310.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "9B380DBD-1890-4CDB-8EB7-0BB81219E904",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]