VYPR
Unrated severityNVD Advisory· Published Sep 12, 2023· Updated Sep 25, 2024

Code Injection vulnerability in SAP PowerDesigner Client

CVE-2023-40621

Description

SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.