CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-51444: A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently...

6.5 CVSS

Description

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that bypasses authorization controls and allows to download any data from the application's database.

Classification

CVE ID: CVE-2024-51444

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem Types

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected Products

Vendor: Siemens

Product: Polarion V2310, Polarion V2404

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 17.94% (scored less or equal to compared to others)

EPSS Date: 2025-06-11 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-51444
https://cert-portal.siemens.com/productcert/html/ssa-162255.html

Timeline

2025-05-13 10:40:10 UTC
CVE

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently...
2025-05-15 16:30:51 UTC
All CISA Advisories

Siemens Polarion