CVE-2023-50422

CVSS V2 None CVSS V3 None

Description

SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

Overview

CVE ID
CVE-2023-50422

Assigner
sap

Vulnerability Status
PUBLISHED

Published Version
2023-12-12T01:31:17.991Z

Last Modified Date
2024-01-09T01:38:42.375Z

Weakness Enumerations

CWE	URL
CWE-269	http://cwe.mitre.org/data/definitions/269.html

References

Reference URL	Reference Tags
https://me.sap.com/notes/3411067	vendor-advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://github.com/SAP/cloud-security-services-integration-library/
https://mvnrepository.com/artifact/com.sap.cloud.security/java-security
https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security
https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa
https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73	vendor-advisory
https://me.sap.com/notes/3413475

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-50422
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50422

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 18:21:01				Added to TrackCVE