CVE-2024-33647 MEDIUM

CVE-2024-33647

Vendor Siemens
Product Polarion ALM
Weakness CWE-284
Published May 14, 2024
Last update August 27, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects.

Key dates

02Disclosure timeline

May 14, 2024 CVE published
August 27, 2025 Record updated