CVE-2023-36923 HIGH

CVE-2023-36923: Code Injection vulnerability in SAP PowerDesigner

Vendor SAP SE
Product SAP PowerDesigner
Weakness CWE-94 · Code injection
Published August 8, 2023
Last update October 10, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

SAP SQLA for PowerDesigner 17, bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system to place a malicious library that can be executed by the application. An attacker could thereby control the behavior of the application.

Key dates

02 Disclosure timeline

August 8, 2023 CVE published
October 10, 2024 Record updated