Every CVE whose affected-product data names Sap Powerdesigner, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2023-37483 — CVSS 9.8 (critical): SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries…
CVE-2023-36923 — CVSS 7.8 (high): SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a…
CVE-2023-40310 — CVSS 6.5 (medium): SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result…
CVE-2023-40621 — CVSS 6.3 (medium): SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an…
CVE-2023-37484 — CVSS 5.3 (medium): SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during…