A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.
References
| Link | Resource |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-632164.pdf | Mitigation Vendor Advisory |
Configurations
History
09 May 2023, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
18 Apr 2023, 20:01
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| CPE | cpe:2.3:a:siemens:polarion_alm:*:*:*:*:*:*:*:* | |
| First Time |
Siemens
Siemens polarion Alm |
|
| References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-632164.pdf - Mitigation, Vendor Advisory |
11 Apr 2023, 10:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-04-11 10:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-28828
Mitre link : CVE-2023-28828
CVE.ORG link : CVE-2023-28828
JSON object : View
Products Affected
siemens
- polarion_alm
CWE
CWE-611
Improper Restriction of XML External Entity Reference