Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-50422

SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

Published

2023-12-12T02:15:08.587

Last Modified

2024-11-21T08:36:57.380

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Secondary
CWE-749

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	cloud-security-services-integration-library	< 2.17.0	Yes
Application	sap	cloud-security-services-integration-library	< 3.3.0	Yes

References

https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/ Vendor Advisory ([email protected])
https://github.com/SAP/cloud-security-services-integration-library/ Product ([email protected])
https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73 Vendor Advisory ([email protected])
https://me.sap.com/notes/3411067 Permissions Required ([email protected])
https://me.sap.com/notes/3413475 ([email protected])
https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa Product ([email protected])
https://mvnrepository.com/artifact/com.sap.cloud.security/java-security Product ([email protected])
https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security Product ([email protected])
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory ([email protected])
https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/SAP/cloud-security-services-integration-library/ Product (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://me.sap.com/notes/3411067 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://me.sap.com/notes/3413475 (af854a3a-2127-422b-91ae-364da2661108)
https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa Product (af854a3a-2127-422b-91ae-364da2661108)
https://mvnrepository.com/artifact/com.sap.cloud.security/java-security Product (af854a3a-2127-422b-91ae-364da2661108)
https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security Product (af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)