Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Siemens Polarion 访问控制错误漏洞
Vulnerability Description
Siemens Polarion是德国西门子(Siemens)公司的一套应用程序生命周期管理软件。该软件支持在统一、模块化、基于浏览器的软件环境上进行端到端的企业级应用程序开发。 Siemens Polarion ALM 存在访问控制错误漏洞,该漏洞源于受影响的应用程序中基于 Apache Lucene 的查询引擎缺乏适当的访问控制。
CVSS Information
N/A
Vulnerability Type
N/A