CVE-2023-40310

Name of the Vulnerable Software and Affected Versions SAP PowerDesigner Client version 16.7

Description The issue is related to the import function of BPMN files in the Business Process Modeling (BPM) module of the SAP PowerDesigner enterprise architecture modeling tool. It does not sufficiently validate BPMN2 XML documents imported from untrusted sources. As a result, URLs of external entities in the BPMN2 file, although not used, would be accessed during import. A successful attack could impact the availability of the SAP PowerDesigner Client.

Recommendations For SAP PowerDesigner Client version 16.7, consider disabling the import of BPMN2 XML documents from untrusted sources until a patch is available. Restrict access to the BPMN file import function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.