SAP Powerdesigner
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in SAP Powerdesigner.
By the Year
In 2026 there have been 0 vulnerabilities in SAP Powerdesigner. Powerdesigner did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 6 | 7.37 |
It may take a day or so for new Powerdesigner vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SAP Powerdesigner Security Vulnerabilities
SAP PowerDesigner v16.7 XML Import External Entity URLs accessed leads DoS
CVE-2023-40310
7.5 - High
- October 10, 2023
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.
Missing XML Validation
SAP PowerDesigner Client 16.7 VBScript Injection via Document: Unauth Exec
CVE-2023-40621
6.3 - Medium
- September 12, 2023
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default.
Code Injection
SAP PowerDesigner 16.7 Exposes Password Hashes via VB Memory Access
CVE-2023-37484
5.3 - Medium
- August 08, 2023
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.
Use of a Broken or Risky Cryptographic Algorithm
SAP PowerDesigner 16.7 Improper AC via Proxy Enables Arbitrary DB Queries
CVE-2023-37483
9.8 - Critical
- August 08, 2023
SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy.
Missing Authentication for Critical Function
Local Lib Exec in SAP SQLA for PowerDesigner 17 on PD 16.7 SP06 PL03
CVE-2023-36923
7.8 - High
- August 08, 2023
SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. An attacker could thereby control the behavior of the application.
Code Injection
Memory Corruption Crash in SAP PowerDesigner Proxy 16.7
CVE-2023-32111
7.5 - High
- May 09, 2023
In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for SAP Powerdesigner or by SAP? Click the Watch button to subscribe.
