Polarion ALM is affected by incorrect default path permissions in installation path, and improper authentication in the REST API endpoints of DOORS connector. An attacker could exploit the vulnerabilities for unauthenticated access, or privilege escalation. Siemens is preparing fixes for the vulnerabilities in Polarion 2404 which is expected to be released in April 2024 and recommends countermeasures for products where fixes are not, or not yet available.
https://cert-portal.siemens.com/productcert/html/ssa-871717.html