Unrated severityNVD Advisory· Published Sep 12, 2023· Updated Sep 25, 2024
Code Injection vulnerability in SAP PowerDesigner Client
CVE-2023-40621
Description
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default.
Affected products
2= 16.7+ 1 more
- (no CPE)range: = 16.7
- (no CPE)range: 16.7
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.