Siemens Polarion XXE Vulnerability in Docx Import Feature

Vulnerability

An XML External Entity (XXE) injection vulnerability has been identified in Siemens Polarion versions prior to V2410, specifically in the V2404 series before V2404.4. The vulnerability resides in the docx import feature and allows authenticated remote attackers to read arbitrary data from the application server.

Impact

Exploitation of this vulnerability could lead to unauthorized data access on the application server.

Remediation

Users are advised to update Polarion to V2410 or later. For Polarion V2404, patch releases can be applied.
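
A pre-import check for the docx path described above, as an added example (not Siemens code and not part of the vendor remediation): it flags any XML part of a .docx package that carries a DOCTYPE or ENTITY declaration. It assumes that legitimate Word documents contain no DTD declarations; the function names and sample packages are constructed for illustration.

```python
import io
import re
import zipfile

XML_SUFFIXES = (".xml", ".rels")  # package parts that an importer parses as XML
DTD_MARKER = re.compile(r"<!\s*(DOCTYPE|ENTITY)\b", re.IGNORECASE)


def _decode(raw: bytes) -> str:
    """Decode UTF-16 parts too, so they cannot slip past a byte-level match."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    if raw[:2] == b"<\x00":  # UTF-16LE without a BOM
        return raw.decode("utf-16-le", errors="replace")
    if raw[:2] == b"\x00<":  # UTF-16BE without a BOM
        return raw.decode("utf-16-be", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")


def find_dtd_parts(docx_bytes: bytes) -> list[str]:
    """Return the names of XML parts that declare a DOCTYPE or ENTITY."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for info in pkg.infolist():
            if not info.filename.lower().endswith(XML_SUFFIXES):
                continue
            if DTD_MARKER.search(_decode(pkg.read(info))):
                flagged.append(info.filename)
    return flagged


def _build_docx(document_xml: bytes) -> bytes:
    """Build a minimal constructed package for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("[Content_Types].xml", b'<?xml version="1.0"?><Types/>')
        pkg.writestr("word/document.xml", document_xml)
    return buf.getvalue()


# Constructed samples; the entity is internal and harmless, enough to trip the check.
CLEAN = _build_docx(b'<?xml version="1.0"?><document><p>hello</p></document>')
WITH_DTD = _build_docx(
    b'<?xml version="1.0"?><!DOCTYPE document [<!ENTITY note "constructed">]>'
    b"<document><p>&note;</p></document>")
WITH_DTD_UTF16 = _build_docx(
    '<?xml version="1.0" encoding="UTF-16"?><!DOCTYPE document []><document/>'
    .encode("utf-16"))

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("dtd", WITH_DTD), ("utf16", WITH_DTD_UTF16)):
        print(label, find_dtd_parts(blob))
```

A non-empty result is a reason to reject or quarantine the file before it reaches the importer.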

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.