CVE-2024-51445 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-51445 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The affected application contains a XML External Entity Injection (XXE) vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from the application server.

EPSS 0.18% · 40.0th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.18%

40.0th percentile

Affected Products

Vendor	Product	Versions
Siemens	Polarion V2310	0
siemens	polarion_alm	2404.0, 2310.0
Siemens	Polarion V2404	0

Timeline

May 13, 2025 EPSS Score
May 13, 2025 Coalition ESS Score
May 13, 2025 CVE Published
May 13, 2025 CVE Updated
May 15, 2025 PoC Published
May 24, 2025 EPSS Score
Jun 4, 2025 EPSS Score
Jun 15, 2025 EPSS Score
Jun 26, 2025 EPSS Score
Jul 6, 2025 EPSS Score
Jul 17, 2025 EPSS Score
Jul 28, 2025 EPSS Score

References

Open in Interactive Console →