SAP Powerdesigner
By the Year
In 2024 there have been 0 vulnerabilities in SAP Powerdesigner . Last year Powerdesigner had 5 security vulnerabilities published. Right now, Powerdesigner is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 5 | 7.34 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Powerdesigner vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SAP Powerdesigner Security Vulnerabilities
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source
CVE-2023-40310
7.5 - High
- October 10, 2023
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.
Missing XML Validation
SAP PowerDesigner Client - version 16.7
CVE-2023-40621
6.3 - Medium
- September 12, 2023
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default.
Code Injection
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might
CVE-2023-37484
5.3 - Medium
- August 08, 2023
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.
Information Disclosure
SAP PowerDesigner - version 16.7, has improper access control which might
CVE-2023-37483
9.8 - Critical
- August 08, 2023
SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy.
Authorization
SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library
CVE-2023-36923
7.8 - High
- August 08, 2023
SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. An attacker could thereby control the behavior of the application.
Code Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for SAP Powerdesigner or by SAP? Click the Watch button to subscribe.
