SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3341460 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2023-08-08T00:40:36.427Z
Updated: 2023-08-08T00:40:36.427Z
Reserved: 2023-07-06T14:57:18.507Z
Link: CVE-2023-37484
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-08-08T01:15:17.627
Modified: 2023-08-09T18:21:40.633
Link: CVE-2023-37484
JSON object: View
Redhat Information
No data.
CWE