OTPulse

Cross-Site Scripting Vulnerability in Polarion ALM

Severity: Monitor (CVSS 6.5)
Advisory: SSA-562051
Published: Mar 8, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

The Subversion WebClient in Polarion ALM contains a cross-site scripting (XSS) vulnerability that can be triggered by sending crafted links to administrator users. If an administrator clicks a malicious link, arbitrary JavaScript executes in their authenticated browser session, potentially enabling credential theft or unauthorized administrative actions.

What this means
What could happen
An attacker could trick an administrator into clicking a malicious link that executes JavaScript in their browser session, potentially allowing the attacker to steal session credentials or perform administrative actions in Polarion ALM.
Who's at risk
Organizations using Polarion ALM for application lifecycle management and configuration management, particularly those with administrative staff who access the Subversion WebClient interface. This affects engineering teams and IT operations groups that rely on Polarion for document control and release management.
How it could be exploited
An attacker crafts a specially formatted URL containing malicious JavaScript and sends it to an administrator of Polarion ALM (via email, chat, or other means). When the administrator clicks the link, the JavaScript executes in their authenticated browser session, allowing the attacker to steal cookies, credentials, or perform actions as that administrator.
Prerequisites
  • An administrator of Polarion ALM must click the attacker-supplied malicious link
  • Administrator must be logged into Polarion ALM when clicking the link
  • Requires user interaction (administrator must click malicious link)
  • Remotely exploitable over network
  • Affects administrative functionality
  • Low complexity attack
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (2)
1 with fix, 1 EOL

Product | Affected Versions | Fix Status
Polarion ALM | < V21 R2 P2 | 21 R2 P2
Polarion WebClient for SVN | All versions | No fix (EOL)
Remediation & Mitigation
Do now
Polarion WebClient for SVN
WORKAROUND: If Polarion WebClient for SVN cannot be updated, restrict access to the WebClient to trusted networks only using firewall rules or VPN
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Polarion ALM
HOTFIX: Update Polarion ALM to version 21 R2 P2 or later