SSA-632164 V1.0: External Entity Injection Vulnerability in Polarion ALM
Siemens ProductCERT Security Advisories cert-portal.siemens.com
Polarion ALM is vulnerable to an XML External Entity (XXE) injection attack that could potentially allow an attacker to disclose confidential data.
Siemens has released an update for Polarion ALM and recommends updating to the latest version and updating specific configurations to mitigate the vulnerability. The configuration changes that mitigate this vulnerability will be the default starting with Polarion V2304.