CVE-2024-51444
PUBLISHED
CVSS 6.5 MEDIUM
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that bypasses authorization controls and allows the attacker to download any data from the application's database.
EPSS 0.34% · 57.4th percentile
Risk Scores
- CVSS 3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
- EPSS Score: 0.34% (57.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| siemens | polarion_alm | 2404.0, 2310.0 |
| Siemens | Polarion V2310 | 0 |
| Siemens | Polarion V2404 | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2024-51444 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-162255.html (circl)
Timeline
- May 13, 2025 EPSS Score
- May 13, 2025 Coalition ESS Score
- May 13, 2025 CVE Published
- May 13, 2025 CVE Updated
- May 15, 2025 PoC Published
- May 24, 2025 EPSS Score
- Jun 5, 2025 EPSS Score
- Jun 16, 2025 EPSS Score
- Jun 28, 2025 EPSS Score
- Jul 9, 2025 EPSS Score
- Jul 21, 2025 EPSS Score
- Aug 1, 2025 EPSS Score