Lucene search

K
nvd[email protected]NVD:CVE-2023-40310
HistoryOct 10, 2023 - 2:15 a.m.

CVE-2023-40310

2023-10-1002:15:10
CWE-112
web.nvd.nist.gov
5
sap powerdesigner
xml validation
vulnerability
version 16.7
bpmn2
untrusted source.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

34.5%

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.

Affected configurations

Nvd
Node
sappowerdesignerMatch16.7
VendorProductVersionCPE
sappowerdesigner16.7cpe:2.3:a:sap:powerdesigner:16.7:*:*:*:*:*:*:*

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

34.5%

Related for NVD:CVE-2023-40310