Security Advisory

CVE-2023-40621

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-09-12 02:10:22
Last updated 2024-09-25 15:25:02
Assigner sap
State PUBLISHED

Description

SAP PowerDesigner Client, version 16.7, allows an unauthenticated attacker to inject VBScript code into a document. When an unsuspecting user opens the document, the application executes the script on behalf of that user. The application has a security option to disable untrusted scripts or to prompt users before they are executed, but this option is not set by default.