27 matches found
CVE-2023-37483
CVE-2023-37483 affects SAP PowerDesigner 16.7. The issue is improper access control that could let an unauthenticated attacker run arbitrary queries against the backend database via the proxy. Impact is high (confidentiality, integrity, availability each rated high). Exploitation details are not ...
CVE-2023-37483 Improper Access Control Vulnerabilities in SAP PowerDesigner
SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy...
CVE-2023-32111
In SAP PowerDesigner Proxy - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application...
CVE-2023-32111 Memory Corruption vulnerability in SAP PowerDesigner (Proxy)
In SAP PowerDesigner Proxy - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application...
CVE-2022-31590
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the...
Code injection
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the...
CVE-2022-31590
CVE-2022-31590 affects SAP PowerDesigner Proxy 16.7. An attacker with low privileges and local access can bypass root-disk access restrictions to write a program file on the system disk root, which could be executed with elevated privileges during startup or reboot, potentially impacting confiden...