CVE-2023-37484

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:powerdesigner:16.7:*:*:*:*:*:*:*

History

26 Sep 2024, 19:15

Type Values Removed Values Added
CWE CWE-200 CWE-327
Summary (en) SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory. (en) SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.

09 Aug 2023, 18:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CPE cpe:2.3:a:sap:powerdesigner:16.7:*:*:*:*:*:*:*
References (MISC) https://me.sap.com/notes/3341460 - (MISC) https://me.sap.com/notes/3341460 - Permissions Required
References (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory

08 Aug 2023, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-08 01:15

Updated : 2024-09-26 19:15


NVD link : CVE-2023-37484

Mitre link : CVE-2023-37484

CVE.ORG link : CVE-2023-37484


JSON object : View

Products Affected

sap

  • powerdesigner
CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm