Unrated severityNVD Advisory· Published Oct 10, 2023· Updated Sep 18, 2024
Missing XML Validation vulnerability in SAP PowerDesigner Client BPMN2 import
CVE-2023-40310
Description
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.
Affected products
2= 16.7+ 1 more
- (no CPE)range: = 16.7
- (no CPE)range: 16.7
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.