CVE-2024-51444 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-51444 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that bypasses authorization controls and allows to download any data from the application's database.

EPSS 0.33% · 55.3th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.33%

55.3th percentile

Affected Products

Vendor	Product	Versions
siemens	polarion_alm	2404.0, 2310.0
Siemens	Polarion V2310	0
Siemens	Polarion V2404	0

Timeline

May 13, 2025 EPSS Score
May 13, 2025 Coalition ESS Score
May 13, 2025 CVE Published
May 13, 2025 CVE Updated
May 15, 2025 PoC Published
May 24, 2025 EPSS Score
Jun 4, 2025 EPSS Score
Jun 15, 2025 EPSS Score
Jun 26, 2025 EPSS Score
Jul 6, 2025 EPSS Score
Jul 17, 2025 EPSS Score
Jul 28, 2025 EPSS Score

References

Open in Interactive Console →