Improper Access Control Vulnerabilities in SAP PowerDesigner
CVE-2023-37483
9.8CRITICAL
What is CVE-2023-37483?
SAP PowerDesigner, specifically version 16.7, is affected by an improper access control vulnerability that could allow an unauthenticated attacker to execute arbitrary queries against the backend database via a Proxy. This flaw poses significant risks as it may compromise sensitive data integrity and availability by enabling attackers to access and manipulate critical data without needing authentication steps.
Affected Version(s)
SAP PowerDesigner 16.7