Full Report
The Apache Lucene based query engine in Polarion ALM lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects. Siemens has released a new version of Polarion ALM and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Improper Access Control in Polarion ALM Query Engine
## CVE Details
- CVE ID: CVE-2024-33647
- CVSS Score: 6.5 Medium (CVSS v3.1) / 7.1 High (CVSS v4.0)
- CWE: CWE-284: Improper Access Control
## Affected Systems
- Products: Polarion ALM
- Versions: All versions **prior to V2404.0**
- Configurations: Any configuration where an authenticated user interacts with the Apache Lucene based query engine.
## Vulnerability Description
The vulnerability resides in the Apache Lucene based query engine utilized by Polarion ALM. It is a form of Improper Access Control (CWE-284). This flaw allows an **authenticated user** to execute queries that bypass intended authorization checks, enabling them to retrieve or view items belonging to projects to which they should otherwise not have access.
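To make the class of flaw concrete, here is an added illustration (not Polarion code, and not the Lucene API): a tiny in-memory index stands in for a query engine, with a weak search that never consults the caller's project membership beside a hardened search that builds a mandatory project filter from the user's permissions and re-checks every hit. The `field:value` query syntax, the item records and the user-to-project mapping are all constructed for the example.

```python
"""Illustrative model of project-scoped search authorization (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Item:
    id: str
    project: str
    title: str
    status: str


# Constructed sample items spread across three projects.
INDEX = [
    Item("DEV-1", "devices", "Pump firmware v2", "open"),
    Item("DEV-2", "devices", "Sensor calibration", "done"),
    Item("FIN-1", "finance", "Quarterly forecast", "open"),
    Item("HR-1", "hr", "Salary review", "open"),
]

# Constructed mapping of user -> projects the user is assigned to.
USER_PROJECTS = {
    "alice": {"devices"},
    "bob": {"devices", "finance"},
}


def parse_query(query: str) -> dict:
    """Parse whitespace-separated 'field:value' terms (AND semantics).

    Hypothetical mini syntax standing in for a real query language.
    """
    terms = {}
    for token in query.split():
        field, sep, value = token.partition(":")
        if not sep or not value:
            raise ValueError(f"bad term: {token!r}")
        terms[field] = value
    return terms


def matches(item: Item, terms: dict) -> bool:
    """True when every term equals the corresponding item field."""
    return all(getattr(item, field, None) == value for field, value in terms.items())


def search_unscoped(user: str, query: str) -> list:
    """Weak pattern: the engine answers the raw query; project membership is never consulted,
    so an authenticated user sees items from every project in the index."""
    terms = parse_query(query)
    return [item.id for item in INDEX if matches(item, terms)]


def search_scoped(user: str, query: str) -> list:
    """Hardened pattern: the project filter is derived from the caller's assignments,
    not from anything the caller typed, and each hit is re-checked before return."""
    allowed = USER_PROJECTS.get(user, set())
    if not allowed:
        return []  # unknown or unassigned user: nothing is visible
    terms = parse_query(query)
    # A user-supplied project term is honoured only if it lies within the allowed set.
    if "project" in terms and terms["project"] not in allowed:
        return []
    hits = [item for item in INDEX if matches(item, terms) and item.project in allowed]
    # Defense in depth: verify every result against the allowed set again.
    return [item.id for item in hits if item.project in allowed]


if __name__ == "__main__":
    print("unscoped:", search_unscoped("alice", "status:open"))  # leaks finance and hr items
    print("scoped:  ", search_scoped("alice", "status:open"))    # devices only
```

The important design point is that the scope filter is computed server-side from the authorization store and combined with the query by the engine; a filter the client is expected to include itself is exactly what an authenticated user can omit.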
## Exploitation
- Status: Not explicitly stated as exploited in the wild; typically indicative of researcher discovery.
- Complexity: Low (CVSS v3.1 vector: AC:L, Low Attack Complexity)
- Attack Vector: Network (AV:N)
## Impact
- Confidentiality: **High** (Authenticated user can access sensitive data from unintended projects)
- Integrity: No impact noted (I:N)
- Availability: No impact noted (A:N)
## Remediation
### Patches
- Update to **V2404.0 or a later version** of Polarion ALM.
### Workarounds
- No specific direct workarounds are detailed beyond general security recommendations. Users are advised to follow Siemens' operational guidelines for Industrial Security and product manual recommendations.
## Detection
- The advisory specifies no detection methods. Monitoring query patterns, and flagging authenticated users whose query results include data from projects outside their assignments, is advisable.
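One way to turn that advice into a check, as an added example rather than anything from the advisory: correlate query audit records with each user's project assignments and alert when a result set includes a project the user is not assigned to. The log line format, the sample records and the assignment table below are constructed for the example; Polarion's real audit log layout is not described on this page, so the parser would need to be adapted to whatever the deployment actually emits.

```python
"""Flag query results that span projects a user is not assigned to (constructed example)."""
import re
from collections import defaultdict

# Constructed audit-log format (hypothetical; not Polarion's real layout).
SAMPLE_LOG = """\
2024-05-01T10:00:00Z user=alice query="status:open" projects_returned=devices
2024-05-01T10:00:05Z user=alice query="status:open" projects_returned=devices,finance,hr
2024-05-01T10:01:00Z user=bob query="type:task" projects_returned=devices,finance
2024-05-01T10:02:00Z user=alice query="type:task" projects_returned=hr
2024-05-01T10:03:00Z user=carol query="status:done" projects_returned=finance
malformed line that the parser must skip
"""

# Constructed user -> assigned projects table (would come from the authorization store).
ASSIGNMENTS = {
    "alice": {"devices"},
    "bob": {"devices", "finance"},
}

LINE_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) query="(?P<query>[^"]*)" '
    r"projects_returned=(?P<projects>\S*)$"
)


def parse_line(line: str):
    """Return a dict for a well-formed record, or None for anything else."""
    match = LINE_RE.match(line)
    if not match:
        return None
    rec = match.groupdict()
    rec["projects"] = {p for p in rec["projects"].split(",") if p}
    return rec


def find_unauthorized_access(log_text: str, assignments: dict) -> list:
    """One alert per record whose returned projects exceed the user's assignments.

    Users absent from the assignment table are treated as assigned to nothing,
    so every project they receive data from is reported.
    """
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        allowed = assignments.get(rec["user"], set())
        leaked = rec["projects"] - allowed
        if leaked:
            alerts.append({
                "ts": rec["ts"],
                "user": rec["user"],
                "query": rec["query"],
                "projects": sorted(leaked),
            })
    return alerts


def summarize_by_user(alerts: list) -> dict:
    """Count alerts per user, useful for prioritising follow-up."""
    counts = defaultdict(int)
    for alert in alerts:
        counts[alert["user"]] += 1
    return dict(counts)


if __name__ == "__main__":
    found = find_unauthorized_access(SAMPLE_LOG, ASSIGNMENTS)
    for alert in found:
        print(alert)
    print(summarize_by_user(found))
```

A recurring user in the summary is the signal worth investigating: a single cross-project hit may be a stale assignment table, whereas repeated hits across several unassigned projects look like deliberate probing of the query engine and, on an unpatched instance, are consistent with this vulnerability being used.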
## References
- Vendor Advisory: SSA-925850 (Siemens Security Advisory)
- Siemens Support Portal: https://support.sw.siemens.com/