Skip to main content

Powerdesigner

5 CVEs product

Monthly

CVE-2023-40310 HIGH This Week

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Powerdesigner
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-40621 MEDIUM This Month

SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP RCE Code Injection Powerdesigner
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2023-37484 MEDIUM This Month

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Powerdesigner
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-37483 CRITICAL Act Now

SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Powerdesigner
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-36923 HIGH This Week

SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

SAP RCE Code Injection Powerdesigner
NVD
CVSS 3.1
7.8
EPSS
0.2%
EPSS 1% CVSS 7.5
HIGH This Week

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Powerdesigner
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP RCE Code Injection +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Powerdesigner
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Powerdesigner
NVD
EPSS 0% CVSS 7.8
HIGH This Week

SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

SAP RCE Code Injection +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy