CVE-2024-51447

MEDIUM

Polarion - Info Disclosure

Title source: llm

Description

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This could allow an unauthenticated remote attacker to distinguish between valid and invalid usernames.

References (1)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-162255.html

Scores

CVSS v3 5.3

EPSS 0.0017

EPSS Percentile 37.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-204

Status published

Products (2)

siemens/polarion_alm 2310

siemens/polarion_alm 2404 - 2410

Published May 13, 2025

Tracked Since Feb 18, 2026