CVE-2022-31590: SAP PowerDesigner Proxy 16.7 has a write/create program file bug that allows an attacker with low privileges and local access to write files to the root path of the system disk. This could be exploited to elevate privileges.


SAP PowerDesigner Proxy - version 16.7 has XSS via the pathname in proxy settings, triggered by a specially crafted URL. An attacker with low privileges and local access could trick a user into visiting a specially crafted URL, which could then inject arbitrary JavaScript code into the context of the front-end application. This JavaScript code could then be executed with the elevated privileges of the application during application start-up or reboot, potentially compromising the Confidentiality, Integrity and Availability of the system. CVE-2018-16861 has been discovered in SAP PowerDesigner Proxy - version 16.7. This vulnerability is due to the lack of proper validation of user-supplied input

