SAP SE SAP PowerDesigner Client vulnerabilities
2 known vulnerabilities affecting sap_se/sap_powerdesigner_client.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2023-40310 | HIGH | CVSS 7.5 | v16.7 | 2023-10-10
CVE-2023-40310 [MEDIUM] CWE-112 CVE-2023-40310: SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.
cvelistv5, nvd
CVE-2023-40621 | MEDIUM | CVSS 6.3 | v16.7 | 2023-09-12
CVE-2023-40621 [MEDIUM] CWE-94 CVE-2023-40621: SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as defaul
cvelistv5, nvd