CVE-2022-31590
First published: Tue Jun 14 2022(Updated: )
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP PowerDesigner | =16.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-31590?
CVE-2022-31590 has a high severity rating due to its potential to allow unauthorized program execution with elevated privileges.
How do I fix CVE-2022-31590?
To fix CVE-2022-31590, ensure that you apply the latest security patches provided by SAP for PowerDesigner Proxy version 16.7.
Who is affected by CVE-2022-31590?
CVE-2022-31590 affects users of SAP PowerDesigner Proxy version 16.7 who have local access to the system.
What are the potential impacts of CVE-2022-31590?
The potential impacts of CVE-2022-31590 include unauthorized program execution and escalation of privileges on the affected system.
Is CVE-2022-31590 a remote vulnerability?
No, CVE-2022-31590 requires local access to exploit the vulnerability.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap powerdesigner
- version/sap powerdesigner/16.7