CVE-2023-40621

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Sep 12, 2023

Updated: Sep 13, 2023

CWE ID 94

Summary

CVE-2023-40621 is a vulnerability affecting SAP PowerDesigner Client version 16.7. An attacker can exploit this issue by injecting VBScript code into a document and tricking an unsuspecting user into opening it. Once opened, the application executes the code on behalf of the user, even if the security option to disable or prompt before running untrusted scripts is not set as default. This vulnerability can lead to serious security consequences if exploited successfully.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

PowerDesigner

Affected Vendors

SAP SE

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sYRPyN
https://www.cve.org/CVERecord?id=CVE-2023-40621
https://nvd.nist.gov/vuln/detail/CVE-2023-40621

Back to Vulnerability Database