SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library), in versions below 2.17.0 and in versions from 3.0.0 to before 3.3.0, allows an escalation of privileges under certain conditions. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
History
09 Jan 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
15 Dec 2023, 16:53
Type | Values Removed | Values Added |
---|---|---|
First Time | Sap cloud-security-services-integration-library | |
CPE | cpe:2.3:a:sap:cloud-security-services-integration-library:*:*:*:*:*:java:*:* |
14 Dec 2023, 19:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sap:btp_security_services_integration_library:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 9.8 |
First Time | Sap, Sap btp Security Services Integration Library | |
References | () https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/ - Vendor Advisory | |
References | () https://github.com/SAP/cloud-security-services-integration-library/ - Product | |
References | () https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73 - Vendor Advisory | |
References | () https://me.sap.com/notes/3411067 - Permissions Required | |
References | () https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa - Product | |
References | () https://mvnrepository.com/artifact/com.sap.cloud.security/java-security - Product | |
References | () https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security - Product | |
References | () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory |
12 Dec 2023, 13:43
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
12 Dec 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-269 | |
References | | |
12 Dec 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-12 02:15
Updated : 2024-01-09 02:15
NVD link : CVE-2023-50422
Mitre link : CVE-2023-50422
CVE.ORG link : CVE-2023-50422
Products Affected
sap
- cloud-security-services-integration-library
CWE
CWE-269
Improper Privilege Management