Polarion Alm
CVE-2022-46265
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Primary rating from Vendor (siemens) · only source for this CVE.
CVSS VectorVendor: siemens
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host header information and redirect users to malicious websites.
AnalysisAI
A vulnerability has been identified in Polarion ALM (All versions < V2304.0). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-74. A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host header information and redirect users to malicious websites. Affected products include: Siemens Polarion Alm.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Polarion Alm
View allA vulnerability has been identified in Polarion ALM (All versions < V2404.0). Rated critical severity (CVSS 9.8), this v
A vulnerability has been identified in Polarion ALM (All versions < V22R2). Rated medium severity (CVSS 5.9), this vulne
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). Rated med
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). Rated med
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). Rated hig
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). Rated hig
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today