Multiple vulnerabilities in SAP PowerDesigner
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2023-36923 CVE-2023-37484 CVE-2023-37483 |
| CWE-ID | CWE-426 CWE-200 CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
PowerDesigner Client/Desktop applications / Multimedia software |
| Vendor | SAP |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Untrusted search path
EUVDB-ID: #VU79266
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36923
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an untrusted search path. A local user can place a malicious library on the system and force the application execute it with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsPowerDesigner: 16.7
CPE2.3 External linkshttp://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html?august2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU79265
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37484
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to design error in the authentication mechanism. The application queries all password hashes in the backend database and compares them with the user provided one during login attempt. A local user can access all password hashes from the clients memory.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPowerDesigner: 16.7
CPE2.3 External linkshttp://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html?august2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper access control
EUVDB-ID: #VU79264
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37483
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and run arbitrary queries against the back-end database via Proxy.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPowerDesigner: 16.7
CPE2.3 External linkshttp://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html?august2023
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
