CVE-2023-40310

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-112
View all →

Vulnerability Description

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.

Related Vulnerabilities

CVE-2022-28213

HIGH
CVSS:8.1(High)

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, whi...

CWE-1122022

CVE-2020-1975

HIGH
CVSS:8.8(High)

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This iss...

CWE-1122020

CVE-2021-1359

HIGH
CVSS:8.8(High)

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privilege...

CWE-1122021

CVE-2020-1975

HIGH
CVSS:8.8(High)

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This iss...

CWE-1122020

CVE-2021-1359

HIGH
CVSS:8.8(High)

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privilege...

CWE-1122021

CVE-2022-28213

HIGH
CVSS:8.1(High)

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, whi...

CWE-1122022