Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-37484

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.

Published

2023-08-08T01:15:17.627

Last Modified

2024-11-21T08:11:48.527

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-327

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	powerdesigner	16.7	Yes

References

https://me.sap.com/notes/3341460 Permissions Required ([email protected])
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory ([email protected])
https://me.sap.com/notes/3341460 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)