Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap powerdesigner 16.7 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-37483
SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated malicious user to run arbitrary queries against the back-end database via Proxy.
Sap Powerdesigner 16.7
7.8
CVSSv3
CVE-2023-36923
SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. An attacker could thereby control the behavior of the application.
Sap Powerdesigner 16.7
7.8
CVSSv3
CVE-2022-31590
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated pr...
Sap Powerdesigner Proxy 16.7
7.5
CVSSv3
CVE-2023-40310
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of...
Sap Powerdesigner 16.7
7.5
CVSSv3
CVE-2023-32111
In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of th...
Sap Powerdesigner Proxy 16.7
6.3
CVSSv3
CVE-2023-40621
SAP PowerDesigner Client - version 16.7, allows an unauthenticated malicious user to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or pr...
Sap Powerdesigner 16.7
5.3
CVSSv3
CVE-2023-37484
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an malicious user to access password hashes from the client's memory.
Sap Powerdesigner 16.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started