Information disclosure in PowerDesigner - CVE-2023-37484


Published: August 9, 2023


Vulnerability identifier: #VU79265
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-37484
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
PowerDesigner
Software vendor:
SAP

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a design error in the authentication mechanism. During a login attempt the application queries all password hashes from the backend database and compares them with the user-provided value on the client side. A local user can therefore read all password hashes from the client's memory.
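To make the design flaw concrete, the following added example (not SAP code; the user table, column names and passwords are constructed for illustration) contrasts the weak pattern, in which the client pulls every stored hash into its own memory to compare locally, with the hardened pattern, in which the server verifies only the requested account and the client receives nothing but a yes/no result:

```python
import hashlib
import hmac
import os
import sqlite3


def derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; stands in for whatever the real backend stores."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def build_db() -> sqlite3.Connection:
    """Constructed in-memory user table (hypothetical schema, sample users)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, hash BLOB)")
    for name, pw in (("alice", "correct horse"), ("bob", "battery staple")):
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, derive(pw, salt)))
    return db


def login_vulnerable(db, name: str, password: str):
    """Weak pattern (CWE-200): every row, hashes included, is fetched into the
    client process and compared there. Returns (ok, rows) so the test can show
    that all hashes are now resident in client memory regardless of outcome."""
    rows = db.execute("SELECT name, salt, hash FROM users").fetchall()
    for row_name, salt, stored in rows:
        if row_name == name and hmac.compare_digest(derive(password, salt), stored):
            return True, rows
    return False, rows


def server_verify(db, name: str, password: str) -> bool:
    """Hardened pattern: runs on the server. Looks up one account, compares in
    constant time, and never lets hash material leave the server boundary."""
    row = db.execute("SELECT salt, hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(derive(password, salt), stored)


def login_hardened(db, name: str, password: str):
    """Client side of the hardened flow: only the boolean answer comes back."""
    return server_verify(db, name, password), None
```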


Remediation

Install updates from the vendor's website.

External links