/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
- A security audit has reported a CVE-2024-27980 vulnerability in PD Web.
- The vulnerability is reported in the April 10, 2024 Security Releases:
Command injection via args parameter of child_process.spawn without shell option enabled on Windows - It is associated with Node.js versions prior to 18.20.2, 20.12.2 and 21.7.3.
Read more...
Environment
SAP PowerDesigner (PD) Web 16.7 SP07 or older
Product
SAP PowerDesigner 16.7
Keywords
portal, cmr, scan, js, weakness, nodejs, CR829590, CR#829590, 829590 , KBA , BC-SYB-PD , PowerDesigner , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)