CVE-2023-37484

MEDIUM

SAP PowerDesigner 16.7 - Use of a Broken or Risky Cryptographic Algorithm


Description

SAP PowerDesigner version 16.7 queries all password hashes in the backend database and compares them with the user-provided one during a login attempt, which might allow an attacker to access password hashes from the client's memory.

Scores

CVSS v3 5.3
EPSS 0.0023
EPSS Percentile 45.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-327
Status published
Products (1)
sap/powerdesigner 16.7
Published Aug 08, 2023
Tracked Since Feb 18, 2026