Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistSiemensCVELIST:CVE-2021-44478
HistoryMar 08, 2022 - 11:31 a.m.

CVE-2021-44478

2022-03-0811:31:24
CWE-79
siemens
www.cve.org
1
vulnerability
polarion alm
webclient for svn
arbitrary code execution
cross-site scripting
sensitive information extraction
administrator privileges

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

31.5%

JSON

A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges.

CNA Affected

[
  {
    "product": "Polarion ALM",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V21 R2 P2"
      }
    ]
  },
  {
    "product": "Polarion WebClient for SVN",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]

Related

prion 1
cve 1
cnvd 1
ics 1
nvd 1
prion
prion
Cross site scripting
2022-03-08 12:15:00
cve
cve
CVE-2021-44478
2022-03-08 12:15:11
cnvd
cnvd
Siemens Polarion ALM Cross-Site Scripting Vulnerability
2022-03-09 00:00:00
ics
ics
Siemens Polarion ALM (Update A)
2022-04-14 12:00:00
nvd
nvd
CVE-2021-44478
2022-03-08 12:15:11

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

31.5%

JSON
Related for CVELIST:CVE-2021-44478
prion1cve1cnvd1ics1nvd1