CVE-2023-50422

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-50422

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50422.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-50422

Aliases

GHSA-59c9-pxq8-9c73

Published

2023-12-12T02:15:08Z

Modified

2024-09-30T19:12:13.137511Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

References

Affected packages

Git / github.com/sap/cloud-security-services-integration-library

Affected ranges

Type: GIT
Repo: https://github.com/sap/cloud-security-services-integration-library
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ea528d2d72109579d4017cfc5de2dd2324f99892

Affected versions

1.*

1.1.0

1.2.0

1.3.0

1.3.1

1.4.0

1.5.0

1.6.0

1.7.0

2.*

2.0.0

2.1.0

2.10.0

2.10.1

2.10.2

2.10.3

2.10.4

2.10.5

2.11.0

2.11.1

2.11.10

2.11.11

2.11.12

2.11.13

2.11.14

2.11.15

2.11.16

2.11.2

2.11.3

2.11.4

2.11.5

2.11.6

2.11.7

2.11.8

2.11.9

2.12.0

2.12.1

2.12.2

2.12.3

2.13.0

2.13.1

2.13.2

2.13.3

2.13.4

2.13.5

2.13.6

2.13.7

2.13.8

2.13.9

2.14.0

2.14.1

2.14.2

2.15.0

2.16.0

2.2.0

2.3.0

2.4.0-SNAPSHOT

2.4.1-SNAPSHOT

2.4.2-SNAPSHOT

2.4.4

2.4.5

2.5.0

2.5.1

2.5.2

2.5.3

2.6.0

2.6.1

2.6.2

2.7.1

2.7.2

2.7.3

2.7.4

2.7.5

2.7.6

2.7.7

2.7.8

2.8.0

2.8.1

2.8.10

2.8.11

2.8.12

2.8.13

2.8.2

2.8.3

2.8.5

2.8.6

2.8.7

2.8.8

2.8.9

2.9.0

BETA-0.*

BETA-0.1.0

BETA-0.1.6