SAP SE SAP PowerDesigner vulnerabilities
4 known vulnerabilities affecting sap_se/sap_powerdesigner.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2023-37483 | CRITICAL | CVSS 9.8 | CWE-306 | v16.7 | 2023-08-08
SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy.
Sources: cvelistv5, nvd
CVE-2023-36923 | HIGH | CVSS 7.8 | CWE-94 | v16.7 | 2023-08-08
SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. An attacker could thereby control the behavior of the application.
Sources: cvelistv5, nvd
CVE-2023-37484 | MEDIUM | CVSS 5.3 | CWE-327 | v16.7 | 2023-08-08
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.
Sources: cvelistv5, nvd
CVE-2023-32111 | HIGH | CVSS 7.5 | CWE-787 | v16.7 | 2023-05-09
In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application.
Sources: cvelistv5, nvd