9.8

CVE-2023-50422

Escalation of Privileges in SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library)

SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAPCloud-security-services-integration-library SwPlatformjava Version < 2.17.0
SAPCloud-security-services-integration-library SwPlatformjava Version >= 3.0.0 < 3.3.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.36% 0.68
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@sap.com 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE-749 Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Vendor Advisory
https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
Vendor Advisory
https://me.sap.com/notes/3411067
Permissions Required
https://me.sap.com/notes/3413475
https://github.com/SAP/cloud-security-services-integration-library/
Product
https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73
Vendor Advisory
https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa
Product
https://mvnrepository.com/artifact/com.sap.cloud.security/java-security
Product
https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security
Product