cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-40310,https://securityvulnerability.io/vulnerability/CVE-2023-40310,Missing XML Validation vulnerability in SAP PowerDesigner Client BPMN2 import,"SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.

",SAP,SAP Powerdesigner Client,6.5,MEDIUM,0.0008800000068731606,false,,false,false,false,,,false,false,,2023-10-10T02:15:00.000Z,0
CVE-2023-40621,https://securityvulnerability.io/vulnerability/CVE-2023-40621,Code Injection vulnerability in SAP PowerDesigner Client,"SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default.",SAP,SAP PowerDesigner Client,6.3,MEDIUM,0.0009500000160187483,false,,false,false,false,,,false,false,,2023-09-12T03:15:00.000Z,0
CVE-2023-36923,https://securityvulnerability.io/vulnerability/CVE-2023-36923,Code Injection vulnerability in SAP PowerDesigner,"A vulnerability in SAP SQLA for PowerDesigner 17 and SAP PowerDesigner 16.7 SP06 PL03 enables an attacker with local access to introduce a malicious library into the system. Once executed by the application, this can alter the application’s behavior, potentially compromising security and functionality. Users are advised to apply necessary mitigations to prevent unauthorized library placements.",SAP,SAP Powerdesigner,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-08T01:15:00.000Z,0
CVE-2023-37483,https://securityvulnerability.io/vulnerability/CVE-2023-37483,Improper Access Control Vulnerabilities in SAP PowerDesigner,"SAP PowerDesigner, specifically version 16.7, is affected by an improper access control vulnerability that could allow an unauthenticated attacker to execute arbitrary queries against the backend database via a Proxy. This flaw poses significant risks as it may compromise sensitive data integrity and availability by enabling attackers to access and manipulate critical data without needing authentication steps.",SAP,SAP Powerdesigner,9.8,CRITICAL,0.0026199999265372753,false,,false,false,false,,,false,false,,2023-08-08T01:15:00.000Z,0
CVE-2023-37484,https://securityvulnerability.io/vulnerability/CVE-2023-37484,Information Disclosure Vulnerabilities in SAP PowerDesigner,"SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.",SAP,SAP Powerdesigner,5.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2023-08-08T01:15:00.000Z,0
CVE-2023-32111,https://securityvulnerability.io/vulnerability/CVE-2023-32111,Memory Corruption vulnerability in SAP PowerDesigner (Proxy),"In SAP PowerDesigner Proxy version 16.7, malicious actors can exploit a flaw in memory management by sending specially crafted requests from a remote location. This exploit can cause the proxy server to crash, severely disrupting the availability of the application and impacting business operations reliant on SAP PowerDesigner. It is crucial for users to assess their systems and implement necessary security measures to mitigate this vulnerability.",SAP,SAP Powerdesigner (proxy),7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2023-05-09T02:15:00.000Z,0
CVE-2022-31590,https://securityvulnerability.io/vulnerability/CVE-2022-31590,Local Privilege Escalation in SAP PowerDesigner Proxy by SAP,"SAP PowerDesigner Proxy version 16.7 is susceptible to a local privilege escalation vulnerability that allows an attacker with low privileges and local access to bypass system's root disk access restrictions. By writing or creating a program file in the system disk root path, the attacker could execute this file with elevated application privileges at startup or upon rebooting the system. This could lead to severe compromises in the confidentiality, integrity, and availability of the affected system.",SAP,SAP Powerdesigner Proxy 16.7,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-06-14T18:39:21.000Z,0