SB2023080901 - Multiple vulnerabilities in SAP PowerDesigner

Security Bulletin ID SB2023080901

Severity

High

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Untrusted search path (CVE-ID: CVE-2023-36923)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an untrusted search path. A local user can place a malicious library on the system and force the application execute it with elevated privileges.

2) Information disclosure (CVE-ID: CVE-2023-37484)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to design error in the authentication mechanism. The application queries all password hashes in the backend database and compares them with the user provided one during login attempt. A local user can access all password hashes from the clients memory.

3) Improper access control (CVE-ID: CVE-2023-37483)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and run arbitrary queries against the back-end database via Proxy.

Remediation

Install update from vendor's website.

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html?august2023