CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-44478

A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 73.3%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2021-44478

Siemens » Polarion Alm » Version: N/A

cpe:2.3:a:siemens:polarion_alm:-
Siemens » Polarion Alm » Version: 21.0

cpe:2.3:a:siemens:polarion_alm:21.0
Siemens » Polarion Subversion Webclient » Version: N/A

cpe:2.3:a:siemens:polarion_subversion_webclient:-
Siemens » Polarion Subversion Webclient » Version: 21

cpe:2.3:a:siemens:polarion_subversion_webclient:21

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-44478

Products

Pricing

Contact Us