PT-2023-21993 · Siemens · Polarion Alm
Published: 2023-04-11 · Updated: 2023-05-09 · CVE-2023-28828
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Polarion ALM versions prior to V22R2
Polarion ALM versions prior to V2304.0
Description
An XML External Entity (XXE) injection vulnerability has been identified in the application. This could allow an attacker to view files on the application server filesystem.
Recommendations
For versions prior to V22R2, update to version V22R2 or later to resolve the issue.
For versions prior to V2304.0, update to version V2304.0 or later to resolve the issue.
Fix
XXE
Affected Products
Polarion Alm