76 matches found
Improper access control
SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy...
Design/Logic Flaw
SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. An attacker could thereby control the behavior of the application...
Default credentials
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory...
CVE-2023-37484 Information Disclosure Vulnerabilities in SAP PowerDesigner
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory...
CVE-2023-37484
SAP PowerDesigner 16.7 is affected by an information disclosure vulnerability where the login flow queries all password hashes in the backend database and compares them against the user-provided password, potentially enabling an attacker to access password hashes from client memory. The root caus...
CVE-2023-37483 Improper Access Control Vulnerabilities in SAP PowerDesigner
SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy...
CVE-2023-37483
CVE-2023-37483 affects SAP PowerDesigner 16.7. The issue is improper access control that could let an unauthenticated attacker run arbitrary queries against the backend database via the proxy. Impact is high (confidentiality, integrity, availability each rated high). Exploitation details are not ...
CVE-2023-36923 Code Injection vulnerability in SAP PowerDesigner
SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. An attacker could thereby control the behavior of the application...
CVE-2023-36923
The CVE-2023-36923 entry concerns SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03. A local attacker can place a malicious library that the application executes, giving the attacker control over the application’s behavior. Affected component/issue: code injection via ma...
SAP PowerDesigner Code Injection Vulnerability
SAP PowerDesigner is a database design software from SAP Germany. SAP PowerDesigner suffers from a code injection vulnerability that originates when an attacker with local access to the system places a malicious library that can be executed by the application. No details of the vulnerability are...
SAP PowerDesigner Information Disclosure Vulnerability
SAP PowerDesigner is a database design software from SAP, Germany. An information disclosure vulnerability exists in SAP PowerDesigner that originates from a special method to access password hashes from client memory...
PT-2023-6500 · Sap · Sap Powerdesigner
Name of the Vulnerable Software and Affected Versions: SAP PowerDesigner version 16.7 Description: The issue is related to improper access control in SAP PowerDesigner, which could allow an unauthenticated attacker to run arbitrary queries against the back-end database via a proxy. This could...
SAP PowerDesigner Access Control Error Vulnerability
SAP PowerDesigner is a database design software from SAP Germany. SAP PowerDesigner suffers from an Access Control Error vulnerability that arises from having incorrect access control and can be exploited by an unauthenticated attacker to run arbitrary queries against the backend database via a...
PT-2023-4252 · Sap · Sap Powerdesigner +2
Name of the Vulnerable Software and Affected Versions: SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03 Description: The issue is related to the integration of a malicious library due to incorrect code generation management in the SAP SQL Anywhere tool for SAP...
PT-2023-4251 · Sap · Sap Powerdesigner
Name of the Vulnerable Software and Affected Versions: SAP PowerDesigner version 16.7 Description: The issue is related to insufficient protection of service data due to the handling of password hashes during login attempts. This may allow a remote attacker to gain unauthorized access to protecte...
SAP PowerDesigner Memory Corruption Vulnerability
SAP PowerDesigner is a database design software from SAP Germany. A memory security vulnerability exists in SAP PowerDesigner, which can be exploited by a remote attacker to submit a special request that can crash the proxy service program, resulting in a denial-of-service attack...
CVE-2023-32111
In SAP PowerDesigner Proxy - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application...