CVE-2023-37484

CWE-327 — Broken Cryptographic Algorithm CWE-200 — Information Exposure3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 65.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Powerdesigner SAP Powerdesigner

Timeline

PublishedAug 8

Description

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDsap/powerdesigner16.7

▶CVEListV5sap_se/sap_powerdesigner16.7

🔴Vulnerability Details

CVEList

Information Disclosure Vulnerabilities in SAP PowerDesigner↗2023-08-08

▶

GHSA

GHSA-r8qv-5mc6-cp4c: SAP PowerDesigner - version 16↗2023-08-08

▶