CVE-2023-49583

Summary

SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SE@sap/xssec< 3.6.0affected

Weaknesses

  • CWE-749: CWE-749: Exposed Dangerous Method or Function

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References