Lucene search

SapCVELIST:CVE-2023-37483

HistoryAug 08, 2023 - 12:39 a.m.

CVE-2023-37483 Improper Access Control Vulnerabilities in SAP PowerDesigner

2023-08-0800:39:33

CWE-284

sap

www.cve.org

vulnerability

access control

sap

powerdesigner

version 16.7

arbitrary queries

proxy

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP PowerDesigner",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "16.7"
      }
    ]
  }
]

References

me.sap.com/notes/3341460

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

Related for CVELIST:CVE-2023-37483