PT-2023-4252 · SAP · SAP SQLA for PowerDesigner

Published: 2023-08-08 · Updated: 2023-08-15 · CVE-2023-36923

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03

Description

The issue is related to the loading of a malicious library, caused by improper control of code generation in the SAP SQL Anywhere tool for SAP PowerDesigner. An attacker with local access to the system could place a malicious library that the application then executes, potentially giving the attacker control over the application's behavior.

Recommendations

For SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, consider restricting access to the system to prevent an attacker from placing a malicious library until a fix is available. As a temporary workaround, review and monitor the application's behavior closely for any signs of malicious activity. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2023-04567
CVE-2023-36923

Affected Products

SAP PowerDesigner
SAP SQL Anywhere
SAP SQLA for PowerDesigner