CVE-2024-51446
📋 TL;DR
This vulnerability allows authenticated remote attackers to upload malicious XML files containing stored cross-site scripting (XSS) payloads to Polarion applications. When other users download and view these files, the XSS payload executes in their browser context. All versions of Polarion V2310 are affected, as are Polarion V2404 versions before V2404.4.
💻 Affected Systems
- Polarion V2310
- Polarion V2404
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, hijack user accounts, perform actions as authenticated users, or redirect users to malicious sites, potentially leading to full application compromise.
Likely Case
Attackers steal session tokens or credentials from users who download malicious XML files, leading to unauthorized access to sensitive project data within Polarion.
If Mitigated
Exposure is limited to authenticated users, and proper input validation on uploaded XML prevents successful exploitation.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of XML file upload functionality; stored XSS payloads execute when victims download/view files.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V2404.4
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-162255.html
Restart Required: Yes
Instructions:
1. Download the Polarion V2404.4 update from the Siemens support portal.
2. Back up the current installation and data.
3. Apply the update following the Siemens installation guide.
4. Restart Polarion services.
5. Verify that the update was applied successfully.
🔧 Temporary Workarounds
Disable XML file uploads
Temporarily disable XML file upload functionality in the Polarion configuration
Modify Polarion configuration files to restrict XML uploads
Implement WAF rules
Add web application firewall rules to block malicious XML content
Configure WAF to inspect and block XML files containing script tags or JavaScript
🧯 If You Can't Patch
- Implement strict file upload validation to reject XML files containing script elements
- Require administrative approval for all XML file uploads and implement user awareness training
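The upload validation suggested above, as an added example that is not Polarion's or Siemens' code: it parses a candidate XML upload and rejects it when it contains a `script` element in any namespace, a `javascript:` URI, or (a generalisation of the same check) an `on*` event-handler attribute. The sample documents are constructed for the example.

```python
import re
import xml.etree.ElementTree as ET
from xml.etree.ElementTree import ParseError

# "script" elements and "javascript:" URIs are the markers the advisory names;
# event-handler attributes (onload=, onerror=, ...) are added as a generalisation.
JS_SCHEME = re.compile(r"^\s*javascript\s*:", re.IGNORECASE)

# Constructed samples: an inert requirements export and one carrying active content.
CONSTRUCTED_BENIGN = (
    b'<?xml version="1.0"?><requirements>'
    b'<req id="R1">Login must lock after 5 failures</req></requirements>'
)
CONSTRUCTED_MALICIOUS = (
    b'<?xml version="1.0"?><doc xmlns:h="http://www.w3.org/1999/xhtml">'
    b'<h:script>alert(1)</h:script>'
    b'<h:a href="javascript:alert(1)">link</h:a>'
    b'<h:img src="x" onerror="alert(1)"/></doc>'
)


def local_name(qualified: str) -> str:
    """Strip an ElementTree namespace prefix such as '{http://...}' from a tag or attribute."""
    return qualified.rsplit("}", 1)[-1].lower()


def find_active_content(xml_bytes: bytes) -> list[str]:
    """Return the reasons to reject the document; an empty list means it looks inert."""
    try:
        root = ET.fromstring(xml_bytes)
    except ParseError as exc:
        # Unparseable uploads are rejected rather than passed through to a viewer.
        return [f"malformed XML: {exc}"]
    findings = []
    for elem in root.iter():
        name = local_name(elem.tag)
        if name == "script":
            findings.append(f"<script> element (<{elem.tag}>)")
        for attr, value in elem.attrib.items():
            attr_name = local_name(attr)
            if attr_name.startswith("on"):
                findings.append(f"event handler attribute {attr_name} on <{name}>")
            if JS_SCHEME.match(value):
                findings.append(f"javascript: URI in {attr_name} on <{name}>")
    return findings


def is_upload_allowed(xml_bytes: bytes) -> bool:
    return not find_active_content(xml_bytes)
```

For production use, parse with `defusedxml` instead of `xml.etree` so that entity-expansion and external-entity tricks in the upload are also neutralised.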
🔍 How to Verify
Check if Vulnerable:
Check the Polarion version in the administration console; any V2310 version, or a V2404 version earlier than V2404.4, is vulnerable.
Check Version:
Check Polarion administration console or system properties for version information
Verify Fix Applied:
Verify that the Polarion version shows V2404.4 or later; then upload a test XML file containing a harmless script element and confirm that it is rejected or sanitized.
📡 Detection & Monitoring
Log Indicators:
- Unusual XML file uploads
- Multiple failed upload attempts
- Large XML files from single users
Network Indicators:
- XML file uploads containing script tags
- Base64 encoded payloads in upload requests
SIEM Query:
source="polarion" AND (event="file_upload" AND file_type="xml") AND (content CONTAINS "<script>" OR content CONTAINS "javascript:")