A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 27 Aug 2025 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-862 |
Wed, 27 Aug 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | ||
Vendors & Products |
Siemens
Siemens polarion |
Tue, 04 Feb 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-862 |

Status: PUBLISHED
Assigner: siemens
Published:
Updated: 2025-08-27T21:13:00.144Z
Reserved: 2024-04-25T09:05:34.005Z
Link: CVE-2024-33647

Updated: 2024-08-02T02:36:04.542Z

Status : Awaiting Analysis
Published: 2024-05-14T16:17:21.700
Modified: 2025-08-27T22:15:36.253
Link: CVE-2024-33647

No data.

No data.