CVE-2023-40310

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 10, 2023

Updated: Oct 11, 2023

CWE ID 112

Summary

CVE-2023-40310: SAP PowerDesigner Client version 16.7 fails to validate BPMN2 XML documents imported from untrusted sources. Unused URLs of external entities in these files are accessed during import, posing a risk of impacting the availability of SAP PowerDesigner Client. Attackers could exploit this vulnerability by manipulating BPMN2 XML documents to execute unintended actions or gain unauthorized access.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

PowerDesigner

Affected Vendors

SAP SE

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sVnMSb
https://www.cve.org/CVERecord?id=CVE-2023-40310
https://nvd.nist.gov/vuln/detail/CVE-2023-40310

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Stimmen aus Moskau: Russian Influence Operations Target German Elections

2024 Malicious Infrastructure Report

2024 Annual Report

Know What Matters

For Customers

For Partners