Siemens Polarion Observable Response Discrepancy Vulnerability in Username Validation

Vulnerability

A vulnerability exists in Siemens Polarion versions prior to 2410 and in all versions of Polarion V2404 prior to V2404.2. The issue arises from the login implementation, which exhibits an observable response discrepancy when validating usernames. This vulnerability could enable an unauthenticated remote attacker to differentiate between valid and invalid usernames.

Impact

Exploitation of this vulnerability allows for username enumeration, where an attacker can identify valid usernames within the application.

Remediation

Users are advised to update Polarion to version 2410 or later. For Polarion V2404, patch releases are available; update to V2404.2 or later.
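The advisory names the vulnerability class (an observable response discrepancy in username validation) without showing what it looks like in code. The following is an added, generic illustration of that class and its fix, written for this page; it is not Polarion's code, and the user store, passwords, dummy credential and response strings are all constructed. It contrasts a login handler that answers differently for an unknown user than for a wrong password with one that returns the same status and body in both cases and always performs the password hash, and it includes a small defender-side check that flags when the two failure responses differ.

```python
import hashlib
import hmac
import secrets

# Constructed sample user store: username -> (salt, PBKDF2-SHA256 hash). Not real data.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = b"constructed-salt"
USERS = {
    "alice": (_SALT, _hash("correct horse", _SALT)),
}

# Random dummy credential (hypothetical) so that the hardened handler does the same
# hashing work for unknown usernames; a random password means it can never match.
_DUMMY_SALT = secrets.token_bytes(16)
_DUMMY_HASH = _hash(secrets.token_hex(16), _DUMMY_SALT)


def login_leaky(username: str, password: str) -> tuple[int, str]:
    """Vulnerable pattern: the response reveals whether the username exists.

    An unknown user gets a different status and message than a known user with the
    wrong password, and no hashing is done for unknown users, so timing differs too.
    """
    rec = USERS.get(username)
    if rec is None:
        return (404, "Unknown user")
    salt, stored = rec
    if hmac.compare_digest(_hash(password, salt), stored):
        return (200, "OK")
    return (401, "Wrong password")


def login_uniform(username: str, password: str) -> tuple[int, str]:
    """Hardened pattern: identical failure response for both cases.

    The password hash is computed against a dummy record when the username is
    unknown, so the work done (and hence the response time) does not depend on
    whether the username exists. The final membership check happens only after
    hashing and cannot turn a dummy match into a successful login.
    """
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    matched = hmac.compare_digest(_hash(password, salt), stored)
    if matched and username in USERS:
        return (200, "OK")
    return (401, "Invalid username or password")


def response_discrepancy(login, known_user: str, unknown_user: str,
                         password: str = "not-the-password") -> bool:
    """Defender-side check: True if a failed login answers differently for a
    known and an unknown username, i.e. the handler is a username-enumeration oracle."""
    return login(known_user, password) != login(unknown_user, password)


if __name__ == "__main__":
    print("leaky handler leaks usernames:", response_discrepancy(login_leaky, "alice", "mallory"))
    print("uniform handler leaks usernames:", response_discrepancy(login_uniform, "alice", "mallory"))
```

The same check can be run against a real login endpoint as a regression test in a test suite: submit a wrong password for one account known to exist and one known not to, and fail the build if status code, body, headers of interest, or response time differ by more than noise.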

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 0.6
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.