CVE-2023-50236

Name of the Vulnerable Software and Affected Versions Polarion ALM versions prior to V2404.0

Description A vulnerability has been identified due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITYSYSTEM. The issue is related to default permission settings, which can be exploited by an attacker to gain elevated privileges.

Recommendations For versions prior to V2404.0, update to version V2404.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the installation path to minimize the risk of exploitation. Additionally, review and adjust file and folder permissions in the installation path to prevent unauthorized access.