CVE-2024-33647 Information

Description

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user’s allowed projects.

Reference

https://cert-portal.siemens.com/productcert/html/ssa-925850.html