CVE-2023-37484: 
SAP PowerDesigner vulnerability analysis and mitigation

SAP PowerDesigner version 16.7 contains a security vulnerability identified as CVE-2023-37484. The vulnerability relates to how the application handles password authentication, where it queries all password hashes in the backend database and compares them with the user-provided one during login attempts. This vulnerability was disclosed in August 2023 and affects SAP PowerDesigner version 16.7 installations (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The technical issue stems from the application's authentication process where it retrieves all password hashes from the backend database during login attempts, potentially exposing these hashes to memory access (NVD).

The primary impact of this vulnerability is the potential exposure of password hashes from the client's memory. This could allow an attacker to access sensitive authentication data, which could be used in further attacks against the system or its users (NVD).

SAP has released security patches to address this vulnerability. Users are advised to apply the available updates as detailed in SAP Security Note 3341460 (SAP Security Note).