Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Siemens Polarion 代码问题漏洞
Vulnerability Description
Siemens Polarion是德国西门子(Siemens)公司的一套应用程序生命周期管理软件。该软件支持在统一、模块化、基于浏览器的软件环境上进行端到端的企业级应用程序开发。 Siemens Polarion ALM V2304.0之前版本存在代码问题漏洞,该漏洞源于系统存在XML 外部实体注入 (XXE) 问题,攻击者利用该漏洞可以查看应用程序服务器文件系统上的文件。
CVSS Information
N/A
Vulnerability Type
N/A