SAP PowerDesigner Client - version 16.7, allows an unauthenticated malicious user to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap powerdesigner 16.7 |