CVE-2024-23813

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Polarion ALM versions prior to V2404.0

Description The issue is related to a flaw in the authentication procedure of the Polarion ALM application, which could allow a remote attacker to bypass authentication and gain full access to the device. Specifically, the REST API endpoints of the doorsconnector lack proper authentication, potentially allowing an unauthenticated attacker to access the endpoints and execute code.

Recommendations For versions prior to V2404.0, update to version V2404.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API endpoints of the doorsconnector to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BDU:2024-01735

CVE-2024-23813

Affected Products

Polarion Alm

CVE-2024-23813

Weakness Enumeration

Related Identifiers

Affected Products

References · 8