CVE-2023-37484 MEDIUM

CVE-2023-37484: Information Disclosure Vulnerabilities in SAP PowerDesigner

Vendor Sap_Se
Product SAP PowerDesigner
Weakness CWE-327 · Broken crypto
Published August 8, 2023
Last update October 10, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.

Key dates

02Disclosure timeline

August 8, 2023 CVE published
October 10, 2024 Record updated