SAP Knowledge Base Article - Preview

3372507 - Security auditing reports CWE-427 Uncontrolled Search Path Element - SAP PD

Symptom

  • A security scanning tool may report the following vulnerability: CWE-427 - Uncontrolled Search Path Element.
  • At startup, PD attempts to load the msdia100.dll file.
  • Because this file is not present in the installation, the client searches the directories in the PATH until it finds it.
  • If an attacker places a DLL with the same name in a directory on the PATH in order to run hacking tools, PD will load and execute it.
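
A check a defender can run on a workstation with PD installed, added here as an example and not taken from the SAP article: it walks each PATH directory, reports any copy of msdia100.dll with its Authenticode status, and flags directories where broad groups hold write access. The SID list, the write mask and the function name Test-PathEntry are assumptions of this example.

```powershell
# Added example: audit PATH for the DLL named in the article (run in PowerShell).
$DllName = 'msdia100.dll'
# Well-known SIDs of broad, non-administrative groups (assumed list, locale independent).
$BroadSids = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users'
                'S-1-5-32-545' = 'BUILTIN\Users' }
# Bits that allow creating a file: WriteData/CreateFiles, GENERIC_WRITE, GENERIC_ALL.
$WriteMask = 0x2 -bor 0x40000000 -bor 0x10000000

function Test-PathEntry {
    param([string]$Dir)
    $out = [ordered]@{ Directory = $Dir; Exists = $false; DllFound = ''
                       Signature = ''; WritableBy = '' }
    if (-not (Test-Path -LiteralPath $Dir -PathType Container)) {
        return [pscustomobject]$out          # stale entry, worth removing from PATH
    }
    $out.Exists = $true
    $dll = Join-Path $Dir $DllName
    if (Test-Path -LiteralPath $dll -PathType Leaf) {
        $out.DllFound  = $dll
        $out.Signature = (Get-AuthenticodeSignature -LiteralPath $dll).Status
    }
    # Resolve ACEs to SIDs; skip Deny ACEs and ACEs that apply only to children.
    $sidType     = [System.Security.Principal.SecurityIdentifier]
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    $groups = foreach ($ace in (Get-Acl -LiteralPath $Dir).GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid) -and
            -not ([int]$ace.PropagationFlags -band $inheritOnly) -and
            ([int]$ace.FileSystemRights -band $WriteMask)) { $BroadSids[$sid] }
    }
    $out.WritableBy = ($groups | Select-Object -Unique) -join ', '
    [pscustomobject]$out
}

# Report only entries that need attention: DLL present, broadly writable, or missing.
$env:PATH -split ';' | ForEach-Object { $_.Trim().Trim('"') } | Where-Object { $_ } |
    Select-Object -Unique | ForEach-Object { Test-PathEntry $_ } |
    Where-Object { $_.DllFound -or $_.WritableBy -or -not $_.Exists } |
    Format-List
```

The check reads directory ACLs only; it does not evaluate Deny entries or the effective rights of individual user accounts.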



Environment

SAP PowerDesigner (PD) 16.7

Product

SAP PowerDesigner 16.7

Keywords

Visual, C++, VC++, CR828356, CR#828356, 828356, KBA, BC-SYB-PD, PowerDesigner, Known Error
