CVE-2022-31590

Name of the Vulnerable Software and Affected Versions SAP PowerDesigner Proxy version 16.7

Description The issue is related to a lack of proper quoting in SQL query elements or search paths in the SAP PowerDesigner Proxy service. An attacker with low privileges and local access can exploit this to create a program file on the system disk root path, which could then be executed with elevated privileges during application start-up or reboot. This could compromise the Confidentiality, Integrity, and Availability of the system.

Recommendations For SAP PowerDesigner Proxy version 16.7, consider restricting local access to the system and limiting the ability to write or create files on the system disk root path as a temporary mitigation measure. Ensure that all users with access to the system have the least privileges necessary to perform their tasks, and monitor the system for any unauthorized file creations or modifications. At the moment, there is no information about a newer version that contains a fix for this vulnerability.