SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3341460 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
History
09 Aug 2023, 18:21
Type | Values Removed | Values Added |
---|---|---|
First Time |
Sap
Sap powerdesigner |
|
CPE | cpe:2.3:a:sap:powerdesigner:16.7:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | (MISC) https://me.sap.com/notes/3341460 - Permissions Required | |
References | (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory |
08 Aug 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-08 01:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-37484
Mitre link : CVE-2023-37484
CVE.ORG link : CVE-2023-37484
JSON object : View
Products Affected
sap
- powerdesigner
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor