
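2 vulnerabilities found for cloud-security-services-integration-library by SAP_SE

Both results carry the same CVE ID, CVE-2023-50422: the record is listed once from the cvelistv5 source and once from the nvd source, so they describe a single vulnerability rather than two distinct ones.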

CVE-2023-50422 (GCVE-0-2023-50422)

Vulnerability from cvelistv5 – Published: 2023-12-12 01:31 – Updated: 2024-09-28 22:17
Summary
In SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library), versions below 2.17.0 and versions from 3.0.0 up to, but not including, 3.3.0 allow an escalation of privileges under certain conditions. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. Per the affected ranges in the record, 2.17.0 and 3.3.0 are the first releases in their respective lines that fall outside the affected set.
CWE
  • CWE-749 - Exposed Dangerous Method or Function
Assigner
sap
Impacted products
Vendor Product Version
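SAP_SE cloud-security-services-integration-library Affected: all versions below 2.17.0
Affected: from 3.0.0 up to, but not including, 3.3.0 (custom)
Note: in the JSON record below, the first range is carried as the literal version string "< 2.17.0" with no lessThan field, so tooling that matches only on structured version ranges may not flag releases below 2.17.0; check those versions explicitly.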

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.536Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://me.sap.com/notes/3411067"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/SAP/cloud-security-services-integration-library/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mvnrepository.com/artifact/com.sap.cloud.security/java-security"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://me.sap.com/notes/3413475"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "cloud-security-services-integration-library",
          "vendor": "SAP_SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.17.0"
            },
            {
              "lessThan": "3.3.0",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSAP\u00a0BTP\u00a0Security Services Integration Library ([Java] cloud-security-services-integration-library) -\u00a0versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.\u003c/p\u003e"
            }
          ],
          "value": "SAP\u00a0BTP\u00a0Security Services Integration Library ([Java] cloud-security-services-integration-library) -\u00a0versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749: Exposed Dangerous Method or Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-28T22:17:43.519Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://me.sap.com/notes/3411067"
        },
        {
          "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
        },
        {
          "url": "https://github.com/SAP/cloud-security-services-integration-library/"
        },
        {
          "url": "https://mvnrepository.com/artifact/com.sap.cloud.security/java-security"
        },
        {
          "url": "https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security"
        },
        {
          "url": "https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa"
        },
        {
          "url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73"
        },
        {
          "url": "https://me.sap.com/notes/3413475"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Escalation of Privileges in\u00a0SAP\u00a0BTP\u00a0Security Services Integration Library ([Java]\u00a0cloud-security-services-integration-library)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2023-50422",
    "datePublished": "2023-12-12T01:31:17.991Z",
    "dateReserved": "2023-12-09T17:19:02.677Z",
    "dateUpdated": "2024-09-28T22:17:43.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-50422 (GCVE-0-2023-50422)

Vulnerability from nvd – Published: 2023-12-12 01:31 – Updated: 2024-09-28 22:17
Summary
In SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library), versions below 2.17.0 and versions from 3.0.0 up to, but not including, 3.3.0 allow an escalation of privileges under certain conditions. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
CWE
  • CWE-749 - Exposed Dangerous Method or Function
Assigner
sap
Impacted products
Vendor Product Version
SAP_SE cloud-security-services-integration-library Affected: all versions below 2.17.0
Affected: from 3.0.0 up to, but not including, 3.3.0 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.536Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://me.sap.com/notes/3411067"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/SAP/cloud-security-services-integration-library/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mvnrepository.com/artifact/com.sap.cloud.security/java-security"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://me.sap.com/notes/3413475"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "cloud-security-services-integration-library",
          "vendor": "SAP_SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.17.0"
            },
            {
              "lessThan": "3.3.0",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSAP\u00a0BTP\u00a0Security Services Integration Library ([Java] cloud-security-services-integration-library) -\u00a0versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.\u003c/p\u003e"
            }
          ],
          "value": "SAP\u00a0BTP\u00a0Security Services Integration Library ([Java] cloud-security-services-integration-library) -\u00a0versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749: Exposed Dangerous Method or Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-28T22:17:43.519Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://me.sap.com/notes/3411067"
        },
        {
          "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
        },
        {
          "url": "https://github.com/SAP/cloud-security-services-integration-library/"
        },
        {
          "url": "https://mvnrepository.com/artifact/com.sap.cloud.security/java-security"
        },
        {
          "url": "https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security"
        },
        {
          "url": "https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa"
        },
        {
          "url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73"
        },
        {
          "url": "https://me.sap.com/notes/3413475"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Escalation of Privileges in\u00a0SAP\u00a0BTP\u00a0Security Services Integration Library ([Java]\u00a0cloud-security-services-integration-library)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2023-50422",
    "datePublished": "2023-12-12T01:31:17.991Z",
    "dateReserved": "2023-12-09T17:19:02.677Z",
    "dateUpdated": "2024-09-28T22:17:43.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}