PT-2023-7891 · Sap · Sap-Xssec+1

Rosenblueh · Published 2023-12-11 · Updated 2024-09-28 · CVE-2023-50423

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SAP BTP Security Services Integration Library (Python sap-xssec) versions < 4.1.0

Description: The issue stems from insecure privilege management in the SAP XS Advanced sap-xssec library, which is part of the SAP Business Technology Platform (BTP). Under certain conditions it allows an unauthenticated attacker to escalate privileges and obtain arbitrary permissions within the application.

Recommendations: Upgrade to a patched version >= 4.1.0. It is recommended to upgrade to the latest released version to ensure the issue is fully resolved. No workarounds are available for this issue.

Fix

IDOR

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2023-08962
CVE-2023-50423
GHSA-6MJG-37CP-42X5
GHSA-P99H-PFG6-QRFG
PYSEC-2023-261

Affected Products

Sap Btp Security Services Integration Library
Sap-Xssec