SAP Knowledge Base Article - Preview

3304147 - How to fix security vulnerability CVE-2022-43548 - SAP PD

Symptom

  • A security scanning tool may report vulnerability CVE-2022-43548.
  • The description is:
    An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks.
    The fix for this issue in CVE-2022-32212 was incomplete and this new CVE is to complete the fix.
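
To confirm a scanner finding, a Node.js version can be compared against the fixed releases quoted in the description above. The following is an added example, not part of the SAP article or SAP tooling; the function names are hypothetical, the sample versions are constructed, and it assumes that release lines below 19 which the description does not name never received a fix.

```javascript
// Added example: classify a Node.js version against the fixed releases
// quoted in the CVE-2022-43548 description (14.21.1, 16.18.1, 18.12.1, 19.0.1).
const FIXED = { 14: [14, 21, 1], 16: [16, 18, 1], 18: [18, 12, 1], 19: [19, 0, 1] };
const NEWEST_LISTED_MAJOR = 19;

// Parse "v16.18.0" or "16.18.0" into [major, minor, patch]; null if malformed.
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(text).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Compare two [major, minor, patch] triples: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns "affected", "fixed" or "unknown" (input that does not parse).
function classify(text) {
  const v = parseVersion(text);
  if (!v) return "unknown";
  const fixed = FIXED[v[0]];
  if (fixed) return compare(v, fixed) < 0 ? "affected" : "fixed";
  // Assumption: majors not named in the description and below 19 (older or
  // odd-numbered lines) have no fixed release; newer majors postdate the fix.
  return v[0] < NEWEST_LISTED_MAJOR ? "affected" : "fixed";
}

// Build one "version: status" line per input version.
function report(versions) {
  return versions.map((v) => `${v}: ${classify(v)}`);
}

// Constructed sample versions, checked alongside the running interpreter.
const SAMPLES = ["v14.21.0", "16.18.1", "18.12.0", "19.0.0", "12.22.12", "20.5.0", "not-a-version"];
console.log(report([process.versions.node, ...SAMPLES]).join("\n"));
```

An "unknown" result (for example a pre-release or vendor-suffixed version string) needs manual review rather than being treated as fixed.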



Environment

SAP PowerDesigner (PD) Web 16.7

Product

SAP PowerDesigner 16.7

Keywords

KBA, BC-SYB-PD, PowerDesigner, Problem
