Main Vulnerability Database SB2024021534

SB2024021534 - Multiple vulnerabilities in Siemens Polarion ALM

Published: February 15, 2024

Security Bulletin ID SB2024021534

Severity

Medium

Patch available

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Incorrect default permissions (CVE-ID: CVE-2023-50236)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can view contents of files and directories or modify them.

2) Improper Authentication (CVE-ID: CVE-2024-23813)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to improper authentication in the REST API endpoints of doorsconnector. A remote attacker can access the endpoints.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://cert-portal.siemens.com/productcert/html/ssa-871717.html