CVE-2023-40621
Severity
6.3MEDIUM
EPSS
0.2%
top 53.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 12
Latest updateSep 13
Description
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4