Vulnerability Description
A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Polarion Alm | < 21.0 |
| Siemens | Polarion Subversion Webclient | All versions |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-562051.pdfPatchVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-562051.pdfPatchVendor Advisory
FAQ
What is CVE-2021-44478?
CVE-2021-44478 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent...
How severe is CVE-2021-44478?
CVE-2021-44478 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-44478?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Polarion Alm, Siemens Polarion Subversion Webclient.