← back
CVE-2024-51444

CVE-2024-51444

CVSS 7.1 HIGHEPSS 0.4%CWE-89
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.1EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 May 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that bypasses authorization controls and allows to download any data from the application's database.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Siemens · Polarion V2310Siemens · Polarion V2404

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert-portal.siemens.com/productcert/html/ssa-162255.html