Lucene search

[email protected]NVD:CVE-2023-40310

HistoryOct 10, 2023 - 2:15 a.m.

CVE-2023-40310

2023-10-1002:15:10

CWE-112

[email protected]

web.nvd.nist.gov

sap powerdesigner

xml validation

vulnerability

version 16.7

bpmn2

untrusted source.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

23.6%

JSON

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.

Affected configurations

Nvd

Node

sappowerdesignerMatch16.7

VendorProductVersionCPE
sappowerdesigner16.7cpe:2.3:a:sap:powerdesigner:16.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	powerdesigner	16.7	cpe:2.3:a:sap:powerdesigner:16.7:::::::*

References

me.sap.com/notes/3357154

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

23.6%

JSON

Related for NVD:CVE-2023-40310

prion1 cvelist1 cve1 vulnrichment1