CVE-2023-50422 Information
Description
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library), versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allows an escalation of privileges under certain conditions. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
Reference
https://me.sap.com/notes/3411067
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://github.com/SAP/cloud-security-services-integration-library/
https://mvnrepository.com/artifact/com.sap.cloud.security/java-security
https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security
https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa
https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73