cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-40310,https://securityvulnerability.io/vulnerability/CVE-2023-40310,Missing XML Validation vulnerability in SAP PowerDesigner Client BPMN2 import,"SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.

",SAP,SAP Powerdesigner Client,6.5,MEDIUM,0.0008800000068731606,false,false,false,false,,false,false,2023-10-10T02:15:00.000Z,0
CVE-2023-40621,https://securityvulnerability.io/vulnerability/CVE-2023-40621,Code Injection vulnerability in SAP PowerDesigner Client,"SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default.",SAP,SAP PowerDesigner Client,6.3,MEDIUM,0.000859999970998615,false,false,false,false,,false,false,2023-09-12T03:15:00.000Z,0
CVE-2023-36923,https://securityvulnerability.io/vulnerability/CVE-2023-36923,Code Injection vulnerability in SAP PowerDesigner,"A vulnerability in SAP SQLA for PowerDesigner 17 and SAP PowerDesigner 16.7 SP06 PL03 enables an attacker with local access to introduce a malicious library into the system. Once executed by the application, this can alter the application’s behavior, potentially compromising security and functionality. Users are advised to apply necessary mitigations to prevent unauthorized library placements.",SAP,SAP Powerdesigner,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-08-08T01:15:00.000Z,0
CVE-2023-37484,https://securityvulnerability.io/vulnerability/CVE-2023-37484,Information Disclosure Vulnerabilities in SAP PowerDesigner,"SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.",SAP,SAP Powerdesigner,5.3,MEDIUM,0.000750000006519258,false,false,false,false,,false,false,2023-08-08T01:15:00.000Z,0
CVE-2023-37483,https://securityvulnerability.io/vulnerability/CVE-2023-37483,Improper Access Control Vulnerabilities in SAP PowerDesigner,"SAP PowerDesigner, specifically version 16.7, is affected by an improper access control vulnerability that could allow an unauthenticated attacker to execute arbitrary queries against the backend database via a Proxy. This flaw poses significant risks as it may compromise sensitive data integrity and availability by enabling attackers to access and manipulate critical data without needing authentication steps.",SAP,SAP Powerdesigner,9.8,CRITICAL,0.0026100000832229853,false,false,false,false,,false,false,2023-08-08T01:15:00.000Z,0
CVE-2023-32111,https://securityvulnerability.io/vulnerability/CVE-2023-32111,Memory Corruption vulnerability in SAP PowerDesigner (Proxy),"In SAP PowerDesigner Proxy version 16.7, malicious actors can exploit a flaw in memory management by sending specially crafted requests from a remote location. This exploit can cause the proxy server to crash, severely disrupting the availability of the application and impacting business operations reliant on SAP PowerDesigner. It is crucial for users to assess their systems and implement necessary security measures to mitigate this vulnerability.",SAP,SAP PowerDesigner (Proxy),7.5,HIGH,0.0010300000431016088,false,false,false,false,,false,false,2023-05-09T02:15:00.000Z,0
CVE-2022-31590,https://securityvulnerability.io/vulnerability/CVE-2022-31590,,"SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system.",SAP,SAP Powerdesigner Proxy 16.7,7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2022-06-14T18:39:21.000Z,0