SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.
History

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Sep 2024 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Thu, 26 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
Description SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory. SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.
Weaknesses CWE-327

cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published: 2023-08-08T00:40:36.427Z

Updated: 2024-10-10T19:28:52.145Z

Reserved: 2023-07-06T14:57:18.507Z

Link: CVE-2023-37484

cve-icon Vulnrichment

Updated: 2024-08-02T17:16:30.284Z

cve-icon NVD

Status : Modified

Published: 2023-08-08T01:15:17.627

Modified: 2024-11-21T08:11:48.527

Link: CVE-2023-37484

cve-icon Redhat

No data.