CVE-2023-37484: Information Disclosure Vulnerabilities in SAP PowerDesigner
First published: Tue Aug 08 2023(Updated: )
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.
Credit: cna@sap.com cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP PowerDesigner | =16.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-37484?
CVE-2023-37484 is a vulnerability in SAP PowerDesigner version 16.7 that allows an attacker to access password hashes from the client's memory.
How does SAP PowerDesigner version 16.7 handle passwords?
SAP PowerDesigner version 16.7 queries all password hashes in the backend database and compares them with the user-provided one during a login attempt.
What is the severity of CVE-2023-37484?
The severity of CVE-2023-37484 is medium with a CVSS score of 5.3.
How can an attacker exploit CVE-2023-37484?
An attacker can exploit CVE-2023-37484 by accessing password hashes from the client's memory.
Is there a fix for CVE-2023-37484?
To fix CVE-2023-37484, it is recommended to update SAP PowerDesigner to a version that does not have this vulnerability.
- collector/nvd-index
- agent/author
- agent/references
- agent/type
- agent/softwarecombine
- agent/severity
- agent/title
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/sap
- canonical/sap powerdesigner
- version/sap powerdesigner/16.7