PT-2023-6500 · SAP · SAP PowerDesigner
Published 2023-08-08 · Updated 2024-09-28 · CVE-2023-37483
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
SAP PowerDesigner version 16.7
Description
The issue is related to improper access control in SAP PowerDesigner, which could allow an unauthenticated attacker to run arbitrary queries against the back-end database via a proxy. This could potentially be exploited by a remote attacker.
Recommendations
For SAP PowerDesigner version 16.7, consider restricting access to the proxy server to minimize the risk of exploitation until a patch is available. As a temporary workaround, limiting the ability to run arbitrary queries against the back-end database can help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Improper Access Control
Affected Products
SAP PowerDesigner