Lucene search

[email protected]CVE-2023-40310

HistoryOct 10, 2023 - 2:15 a.m.

CVE-2023-40310

2023-10-1002:15:10

CWE-112

[email protected]

web.nvd.nist.gov

sap

powerdesigner

client

version 16.7

validate

bpmn2

xml

untrusted source

availability

impact

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.

Affected configurations

NVD

Node

sappowerdesignerMatch16.7

CPENameOperatorVersion
sap:powerdesignersap powerdesignereq16.7

CPE	Name	Operator	Version
sap:powerdesigner	sap powerdesigner	eq	16.7

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP PowerDesigner Client",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "16.7"
      }
    ]
  }
]

References

me.sap.com/notes/3357154

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVE-2023-40310

nvd1 prion1 cvelist1