← Back

CVE-2023-50422

nvd nist
Published: Dec 12, 2023Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

Affected (2)

Sap
1 product
Cloud Security Services Integration Library
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Cloud Security Services Integration Library
Before 2.17.0
Cloud Security Services Integration Library
From 3.0.0 to 3.3.0

Related CWEs

CWE-749
Exposed Dangerous Method or Function
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

References (18)

Source: cna@sap.com
Vendor Advisory
Source: cna@sap.com
Product
Source: cna@sap.com
Vendor Advisory
Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Source: cna@sap.com
Product
Source: cna@sap.com
Product
Source: cna@sap.com
Product
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.