A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.
References
| Link | Resource |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-632164.pdf | Mitigation Vendor Advisory |
| https://cert-portal.siemens.com/productcert/pdf/ssa-632164.pdf | Mitigation Vendor Advisory |
Configurations
History
21 Nov 2024, 07:56
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://cert-portal.siemens.com/productcert/pdf/ssa-632164.pdf - Mitigation, Vendor Advisory |
09 May 2023, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
| Summary | A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. |
18 Apr 2023, 20:01
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:siemens:polarion_alm:*:*:*:*:*:*:*:* | |
| References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-632164.pdf - Mitigation, Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| First Time |
Siemens
Siemens polarion Alm |
11 Apr 2023, 10:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-04-11 10:15
Updated : 2024-11-21 07:56
NVD link : CVE-2023-28828
Mitre link : CVE-2023-28828
CVE.ORG link : CVE-2023-28828
JSON object : View
Products Affected
siemens
- polarion_alm
CWE
CWE-611
Improper Restriction of XML External Entity Reference