CVE-2023-50422
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | cloud-security-services-integration-library | < 2.17.0 | affected |
| SAP_SE | cloud-security-services-integration-library | 3.0.0 < 3.3.0 | affected |
Weaknesses
- CWE-749: CWE-749: Exposed Dangerous Method or Function
ADP Enrichment
CVE Program Container
Additional References
- https://me.sap.com/notes/3411067
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
- https://github.com/SAP/cloud-security-services-integration-library/
- https://mvnrepository.com/artifact/com.sap.cloud.security/java-security
- https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security
- https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa
- https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
- https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73
- https://me.sap.com/notes/3413475
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://me.sap.com/notes/3411067
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
- https://github.com/SAP/cloud-security-services-integration-library/
- https://mvnrepository.com/artifact/com.sap.cloud.security/java-security
- https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security
- https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa
- https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
- https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73
- https://me.sap.com/notes/3413475
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.