SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3341460 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
History
26 Sep 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-327 | |
Summary | (en) SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory. |
09 Aug 2023, 18:21
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:a:sap:powerdesigner:16.7:*:*:*:*:*:*:* | |
References | (MISC) https://me.sap.com/notes/3341460 - Permissions Required | |
References | (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory |
08 Aug 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-08 01:15
Updated : 2024-09-26 19:15
NVD link : CVE-2023-37484
Mitre link : CVE-2023-37484
CVE.ORG link : CVE-2023-37484
JSON object : View
Products Affected
sap
- powerdesigner
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm