SAP Knowledge Base Article - Preview

3372507 - Security auditing reports CWE-427 Uncontrolled Search Path Element - SAP PD


  • Security scanning tool may report the following vulnerability: CWE-427 - Uncontrolled Search Path Element.
  • At startup, PD attempts to load the msdia100.dll file.
  • Because this file is not present in the installation, the client will search the PATH until it finds it.
  • If an attacker places a DLL with the same name in the path to run hacking tools, PD will load and execute it.



SAP PowerDesigner (PD) 16.7


SAP PowerDesigner 16.7


Visual, C++, VC++, CR828356, CR#828356, 828356 , KBA , BC-SYB-PD , PowerDesigner , Known Error

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.