Vulnerabilities > CVE-2023-28828 - XXE vulnerability in Siemens Polarion ALM 21.0

047910
CVSS 5.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
high complexity
siemens
CWE-611

Summary

A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.

Vulnerable Configurations

Part Description Count
Application
Siemens
4