A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-04
https://cert-portal.siemens.com/productcert/html/ssa-925850.html