Missing XML Validation

CVE-2023-40310

Medium

6.5/10

Summary

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-112 - Missing XML Validation

The software accepts XML from an untrusted source but does not validate the XML against the proper schema.

References

Advisory Timeline

Published Oct 10, 2023

Missing XML Validation

CVE-2023-40310

Summary

CWE-112 - Missing XML Validation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS