CVE-2024-51447 — Vulnetix

CVE-2024-51447 PUBLISHED CVSS 5.300000190734863 MEDIUM

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This could allow an unauthenticated remote attacker to distinguish between valid and invalid usernames.

EPSS 0.17% · 37.9th percentile

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.17%

37.9th percentile

Affected Products

Vendor	Product	Versions
siemens	polarion_alm	2310, 2404
Siemens	Polarion V2404	0
Siemens	Polarion V2310	0

Timeline

May 13, 2025 EPSS Score
May 13, 2025 Coalition ESS Score
May 13, 2025 CVE Published
May 13, 2025 CVE Updated
May 15, 2025 PoC Published
May 24, 2025 EPSS Score
Jun 5, 2025 EPSS Score
Jun 16, 2025 EPSS Score
Jun 28, 2025 EPSS Score
Jul 9, 2025 EPSS Score
Jul 20, 2025 EPSS Score
Aug 1, 2025 EPSS Score

References

https://cert-portal.siemens.com/productcert/html/ssa-162255.html url
https://nvd.nist.gov/vuln/detail/CVE-2024-51447 advisory

Open in Interactive Console →