SAP PowerDesigner Code Injection Vulnerability (CNVD-2024-23328)
SAP PowerDesigner is a database design software from SAP Germany. A code injection vulnerability exists in SAP PowerDesigner version 16.7 that originates from allowing an unauthenticated attacker to inject VBScript code into a document. An attacker could exploit this vulnerability to cause...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including Business Objects, HANA, NetWeaver and PowerDesigner. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS). Manipulation of data...
CVE-2023-40621
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before...
CVE-2023-40621 Code Injection vulnerability in SAP PowerDesigner Client
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before...
CVE-2023-40621
CVE-2023-40621 affects SAP PowerDesigner Client 16.7, where an unauthenticated attacker can inject VBScript into a document and have it executed when opened by a user. The root cause is VBScript code execution within documents due to default security settings not preventing untrusted scripts. Imp...
SAP PowerDesigner Code Injection Vulnerability
SAP PowerDesigner is a database design software from SAP Germany. A code injection vulnerability exists in SAP PowerDesigner version 16.7 that originates from allowing an unauthenticated attacker to inject VBScript code into a document. An attacker could exploit this vulnerability to cause...
PT-2023-27544 · Sap · Sap Powerdesigner Client
Name of the Vulnerable Software and Affected Versions: SAP PowerDesigner Client version 16.7 Description: The issue allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. Th...
PT-2023-5922 · Sap · Sap Powerdesigner Client
Name of the Vulnerable Software and Affected Versions: SAP PowerDesigner Client version 16.7 Description: The issue is related to the import function of BPMN files in the Business Process Modeling BPM module of the SAP PowerDesigner enterprise architecture modeling tool. It does not sufficiently...
SAP PowerDesigner Code Injection Vulnerability
SAP PowerDesigner is a database design software from SAP Germany. SAP PowerDesigner suffers from a code injection vulnerability that originates when an attacker with local access to the system places a malicious library that can be executed by the application. No details of the vulnerability are...
The vulnerability of SAP PowerDesigner, a tool for modeling enterprise architecture, relates to insufficient protection of operational data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of SAP PowerDesigner, a tool for modeling enterprise architecture, lies in the insufficient protection of operational data during the processing of password hashes when attempting to access the system. Exploiting this vulnerability can allow an attacker, operating remotely, to...
The vulnerability of the SAP SQL Anywhere relational database management system, related to the incorrect code generation in the SAP PowerDesigner architecture modeling tool, allows an attacker to gain full control over the application.
The vulnerability of the SAP SQL Anywhere relational database management system, related to the integration of a malicious library due to improper code generation, affects the SAP PowerDesigner architecture modeling tool. Exploiting this vulnerability can allow attackers to gain full control over...
SAP PowerDesigner Access Control Error Vulnerability
SAP PowerDesigner is a database design software from SAP Germany. SAP PowerDesigner suffers from an Access Control Error vulnerability that arises from having incorrect access control and can be exploited by an unauthenticated attacker to run arbitrary queries against the backend database via a...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including Business Objects, NetWeaver and PowerDesigner. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS). Denial-of-Service (DoS). Bypassing...
CVE-2023-37484
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory...
CVE-2023-37483
SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy...
CVE-2023-36923
SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. An attacker could thereby control the behavior of the application...