CVE-2023-50422

Summary

SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SEcloud-security-services-integration-library< 2.17.0affected
SAP_SEcloud-security-services-integration-library3.0.0 < 3.3.0affected

Weaknesses

  • CWE-749: CWE-749: Exposed Dangerous Method or Function

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References