CVE-2023-40310

CWE-1123 documents3 sources
Severity
7.5HIGH
EPSS
0.3%
top 49.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Powerdesigner ClientSAP Powerdesigner
Timeline
PublishedOct 10

Description

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-4wqh-m4m9-qjm8: SAP PowerDesigner Client - version 162023-10-10
CVEList
Missing XML Validation vulnerability in SAP PowerDesigner Client BPMN2 import2023-10-10
CVE-2023-40310 (HIGH CVSS 7.5) | SAP PowerDesigner Client - version | cvebase.io