Improper Access Control Vulnerabilities in SAP PowerDesigner
CVE-2023-37483

9.8CRITICAL

Key Information:

Vendor: SAP
Status: SAP Powerdesigner
Vendor: CVE Published:; 8 August 2023

What is CVE-2023-37483?

SAP PowerDesigner, specifically version 16.7, is affected by an improper access control vulnerability that could allow an unauthenticated attacker to execute arbitrary queries against the backend database via a Proxy. This flaw poses significant risks as it may compromise sensitive data integrity and availability by enabling attackers to access and manipulate critical data without needing authentication steps.

Affected Version(s)

SAP PowerDesigner 16.7

References

https://me.sap.com/notes/3341460

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jul 6, 2023