CVE-2023-50422

SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library), in versions below 2.17.0 and in versions from 3.0.0 to before 3.3.0, allows an escalation of privileges under certain conditions. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
References
Link Resource
https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/ Vendor Advisory
https://github.com/SAP/cloud-security-services-integration-library/ Product
https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73 Vendor Advisory
https://me.sap.com/notes/3411067 Permissions Required
https://me.sap.com/notes/3413475
https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa Product
https://mvnrepository.com/artifact/com.sap.cloud.security/java-security Product
https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security Product
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory
Configurations

Configuration 1

OR cpe:2.3:a:sap:cloud-security-services-integration-library:*:*:*:*:*:java:*:*
cpe:2.3:a:sap:cloud-security-services-integration-library:*:*:*:*:*:java:*:*

History

No history.

Information

Published : 2023-12-12 02:15

Updated : 2024-11-21 08:36


NVD link : CVE-2023-50422

Mitre link : CVE-2023-50422

CVE.ORG link : CVE-2023-50422


Products Affected

sap

  • cloud-security-services-integration-library
CWE
CWE-749

Exposed Dangerous Method or Function