CVE-2023-28828

Опубликовано: 11 апр. 2023

Источник: nvd

CVSS3: 5.9

CVSS3: 7.5

EPSS Низкий

Описание

A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-632164.pdf
Mitigation
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-632164.pdf
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:siemens:polarion_alm:*:*:*:*:*:*:*:*

Версия до 2304.0 (исключая)

EPSS

Процентиль: 36%

0.00147

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-611

Связанные уязвимости

GHSA-28cv-g234-w9cx

CVSS3: 5.3

github

больше 2 лет назад

A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.

EPSS

Процентиль: 36%

0.00147

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-611