PT-2024-3648 · Apache+1 · Apache Lucene+1

Luis Manuel Alvarez Tapia · Published 2024-05-14 · Updated 2024-07-07 · CVE-2024-33647

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Polarion ALM versions prior to 2404.0

Description

A vulnerability has been identified in the Apache Lucene-based query engine of Polarion ALM, which lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects, potentially granting unauthorized access to restricted functions.

Recommendations

For versions prior to 2404.0, upgrade to the latest version to mitigate the risk associated with the improper access via the Query Engine. As a temporary workaround, consider restricting access to the query engine until a patch is available.

Fix

Weakness Enumeration

Improper Access Control
Missing Authorization

Related Identifiers

BDU:2024-03973
CVE-2024-33647

Affected Products

Apache Lucene
Polarion ALM