CVE-2023-40310 | Missing XML Validation vulnerability in SAP PowerDesigner Client BPMN2 import
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.
Conclusion & alert: CVE-2023-40310 is rated Moderate Risk (44.5/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.80%).Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2023-40310
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).