All the vulnerabilites related to Siemens - Polarion ALM
cve-2024-23813
Vulnerability from cvelistv5
Published
2024-02-13 09:00
Modified
2024-08-01 23:13
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Siemens | Polarion ALM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:13:08.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-871717.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Polarion ALM", "vendor": "Siemens", "versions": [ { "lessThan": "V2404.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Polarion ALM (All versions \u003c V2404.0). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-15T07:23:55.656Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-871717.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-23813", "datePublished": "2024-02-13T09:00:25.915Z", "dateReserved": "2024-01-22T17:44:56.763Z", "dateUpdated": "2024-08-01T23:13:08.420Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44478
Vulnerability from cvelistv5
Published
2022-03-08 11:31
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges.
References
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-562051.pdf | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
Siemens | Polarion ALM | |
Siemens | Polarion WebClient for SVN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:25:16.856Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-562051.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Polarion ALM", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V21 R2 P2" } ] }, { "product": "Polarion WebClient for SVN", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Polarion ALM (All versions \u003c V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-12T09:07:34", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-562051.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44478", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Polarion ALM", "version": { "version_data": [ { "version_value": "All versions \u003c V21 R2 P2" } ] } }, { "product_name": "Polarion WebClient for SVN", "version": { "version_data": [ { "version_value": "All versions" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in Polarion ALM (All versions \u003c V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-562051.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-562051.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44478", "datePublished": "2022-03-08T11:31:24", "dateReserved": "2021-12-01T00:00:00", "dateUpdated": "2024-08-04T04:25:16.856Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28828
Vulnerability from cvelistv5
Published
2023-04-11 09:03
Modified
2024-08-02 13:51
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Siemens | Polarion ALM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:51:38.510Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-632164.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Polarion ALM", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V22R2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Polarion ALM (All versions \u003c V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-611", "description": "CWE-611: Improper Restriction of XML External Entity Reference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-09T11:51:27.662Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-632164.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-28828", "datePublished": "2023-04-11T09:03:06.681Z", "dateReserved": "2023-03-24T15:17:29.558Z", "dateUpdated": "2024-08-02T13:51:38.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33647
Vulnerability from cvelistv5
Published
2024-05-14 10:03
Modified
2024-08-02 02:36
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Siemens | Polarion ALM |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:polarion:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "polarion", "vendor": "siemens", "versions": [ { "status": "affected", "version": "0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-33647", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T14:15:24.176854Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:43:52.579Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:36:04.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-925850.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Polarion ALM", "vendor": "Siemens", "versions": [ { "lessThan": "V2404.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Polarion ALM (All versions \u003c V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user\u0027s allowed projects." } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-15T07:24:53.504Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-925850.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-33647", "datePublished": "2024-05-14T10:03:08.350Z", "dateReserved": "2024-04-25T09:05:34.005Z", "dateUpdated": "2024-08-02T02:36:04.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50236
Vulnerability from cvelistv5
Published
2024-02-13 09:00
Modified
2024-08-02 22:09
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Siemens | Polarion ALM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:09:49.946Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-871717.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Polarion ALM", "vendor": "Siemens", "versions": [ { "lessThan": "V2404.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Polarion ALM (All versions \u003c V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\\SYSTEM." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-276", "description": "CWE-276: Incorrect Default Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-15T07:23:50.387Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-871717.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-50236", "datePublished": "2024-02-13T09:00:02.735Z", "dateReserved": "2023-12-05T16:42:20.988Z", "dateUpdated": "2024-08-02T22:09:49.946Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46265
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 14:31
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host header information and redirect users to malicious websites.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Siemens | Polarion ALM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:45.090Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-792594.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Polarion ALM", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2304.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Polarion ALM (All versions \u003c V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host header information and redirect users to malicious websites." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:T/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T09:03:00.115Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-792594.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-46265", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-11-28T00:00:00", "dateUpdated": "2024-08-03T14:31:45.090Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202203-0961
Vulnerability from variot
A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges. Siemens' polarion alm and Polarion Subversion Webclient Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Polarion WebClient for SVN is an SVN client
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0961", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "polarion alm", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "21.0" }, { "model": "polarion subversion webclient", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "polarion alm", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "21.0" }, { "model": "polarion alm", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "polarion subversion webclient", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "polarion subversion webclient r1", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v21" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-17778" }, { "db": "JVNDB", "id": "JVNDB-2021-018684" }, { "db": "NVD", "id": "CVE-2021-44478" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:polarion_subversion_webclient:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:polarion_alm:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:polarion_alm:21.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:polarion_alm:21.0:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:polarion_alm:21.0:r2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44478" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nicolas Briand of Thales Digital Factory reported this vulnerability to Siemens.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-755" } ], "trust": 0.6 }, "cve": "CVE-2021-44478", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-44478", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2022-17778", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-44478", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44478", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2022-17778", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202203-755", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-17778" }, { "db": "JVNDB", "id": "JVNDB-2021-018684" }, { "db": "NVD", "id": "CVE-2021-44478" }, { "db": "CNNVD", "id": "CNNVD-202203-755" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Polarion ALM (All versions \u003c V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges. Siemens\u0027 polarion alm and Polarion Subversion Webclient Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Polarion WebClient for SVN is an SVN client", "sources": [ { "db": "NVD", "id": "CVE-2021-44478" }, { "db": "JVNDB", "id": "JVNDB-2021-018684" }, { "db": "CNVD", "id": "CNVD-2022-17778" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44478", "trust": 3.8 }, { "db": "SIEMENS", "id": "SSA-562051", "trust": 3.0 }, { "db": "ICS CERT", "id": "ICSA-22-069-08", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU91709091", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-018684", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-17778", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1042", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031101", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202203-755", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-17778" }, { "db": "JVNDB", "id": "JVNDB-2021-018684" }, { "db": "NVD", "id": "CVE-2021-44478" }, { "db": "CNNVD", "id": "CNNVD-202203-755" } ] }, "id": "VAR-202203-0961", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-17778" } ], "trust": 1.2875 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-17778" } ] }, "last_update_date": "2023-12-18T11:10:27.342000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens Polarion ALM Cross-Site Scripting Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/324186" }, { "title": "Polarion Subversion Webclient Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=185246" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-17778" }, { "db": "CNNVD", "id": "CNNVD-202203-755" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.0 }, { "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018684" }, { "db": "NVD", "id": "CVE-2021-44478" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-562051.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91709091/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44478" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-069-08" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1042" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031101" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-44478/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-08" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-17778" }, { "db": "JVNDB", "id": "JVNDB-2021-018684" }, { "db": "NVD", "id": "CVE-2021-44478" }, { "db": "CNNVD", "id": "CNNVD-202203-755" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-17778" }, { "db": "JVNDB", "id": "JVNDB-2021-018684" }, { "db": "NVD", "id": "CVE-2021-44478" }, { "db": "CNNVD", "id": "CNNVD-202203-755" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-09T00:00:00", "db": "CNVD", "id": "CNVD-2022-17778" }, { "date": "2023-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-018684" }, { "date": "2022-03-08T12:15:11.337000", "db": "NVD", "id": "CVE-2021-44478" }, { "date": "2022-03-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-755" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-13T00:00:00", "db": "CNVD", "id": "CNVD-2022-17778" }, { "date": "2023-07-05T08:11:00", "db": "JVNDB", "id": "JVNDB-2021-018684" }, { "date": "2022-07-28T18:12:36.160000", "db": "NVD", "id": "CVE-2021-44478" }, { "date": "2022-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-755" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-755" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0polarion\u00a0alm\u00a0 and \u00a0Polarion\u00a0Subversion\u00a0Webclient\u00a0 Cross-site scripting vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018684" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-755" } ], "trust": 0.6 } }