cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-40310,https://securityvulnerability.io/vulnerability/CVE-2023-40310,Missing XML Validation vulnerability in SAP PowerDesigner Client BPMN2 import,"SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client. ",SAP,SAP Powerdesigner Client,6.5,MEDIUM,0.0008800000068731606,false,false,false,false,,false,false,2023-10-10T02:15:00.000Z,0
CVE-2023-40621,https://securityvulnerability.io/vulnerability/CVE-2023-40621,Code Injection vulnerability in SAP PowerDesigner Client,"SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default.",SAP,SAP PowerDesigner Client,6.3,MEDIUM,0.000859999970998615,false,false,false,false,,false,false,2023-09-12T03:15:00.000Z,0