Polarion ALM XXE Leading to File Disclosure
CVE-2023-28828 Published on April 11, 2023
A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.
Weakness Type
What is a XXE Vulnerability?
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CVE-2023-28828 has been classified to as a XXE vulnerability or weakness.
Products Associated with CVE-2023-28828
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-28828 are published in Siemens Polarion Alm:
Affected Versions
Siemens Polarion ALM Version All versions < V22R2 is affected by CVE-2023-28828Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.