CVE-2023-37483 is a vulnerability in SAP PowerDesigner
Published on August 8, 2023
SAP PowerDesigner version 16.7 has improper access control, which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy.
Vulnerability Analysis
CVE-2023-37483 can be exploited with network access and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical, as this vulnerability has a high impact on the confidentiality, integrity and availability of this component.
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2023-37483
What versions of PowerDesigner are vulnerable to CVE-2023-37483?
- SAP PowerDesigner Version 16.7