CVE-2023-40621
Last modified
CVE-2023-40621 is a medium-severity vulnerability rated 6.3/10 on the CVSS scale. SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default.. EPSS estimates a 0.65% chance of exploitation in the next 30 days.
Description
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sap | Powerdesigner | 16.7 |
References
- https://me.sap.com/notes/3357163Permissions Required
- https://me.sap.com/notes/3357163Permissions Required
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-40621?
How severe is CVE-2023-40621?
How do I fix CVE-2023-40621?
Are you affected by CVE-2023-40621?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST