Code Injection vulnerability in SAP PowerDesigner Client
CVE-2023-40621
6.3MEDIUM
What is CVE-2023-40621?
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default.
Affected Version(s)
SAP PowerDesigner Client 16.7