CVE-2024-33647

MEDIUM

Polarion ALM <V2404.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects.

References (1)

Core 1

Scores

CVSS v3 6.5
EPSS 0.0042
EPSS Percentile 34.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-284
Status published
Products (1)
Siemens/Polarion ALM < V2404.0
Published May 14, 2024
Tracked Since Feb 18, 2026