CVE-2023-37484
SAP PowerDesigner 16.7 is affected by an information disclosure vulnerability where the login flow queries all password hashes in the backend database and compares them against the user-provided password, potentially enabling an attacker to access password hashes from client memory. The root caus...