PT-2023-7892 · SAP · SAP BTP Security Services Integration Library

Rosenblueh · Published 2023-12-11 · Updated 2024-09-28 · CVE-2023-50424

CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: SAP BTP Security Services Integration Library, versions < 0.17.0

Description: The issue allows an unauthenticated attacker, under certain conditions, to obtain arbitrary permissions within the application. The cause is improper privilege management in the SAP BTP Security Services Integration Library. On successful exploitation, the attacker can escalate privileges.

Recommendations: Upgrade to a patched version (>= 0.17.0). Confirm the version that is actually resolved in the build, not only the one written in the project's own manifest, since the library may also be pulled in as a transitive dependency. Until the upgrade is applied, restrict access to the sensitive areas of the application as a temporary workaround to minimize the risk of exploitation.
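As an added example (not code from this page, from SAP, or from the library itself), the following Go program turns the recommendation above into a check: it parses a go.mod, finds the pinned version of the library and reports whether that version is below the first fixed release, 0.17.0. The module path github.com/sap/cloud-security-client-go is an assumption (the advisory gives only the product name; the GO-2023-2400 identifier is what ties the entry to a Go module), and the sample go.mod is constructed for the demonstration. Pre-release builds of the fixed version (0.17.0-rc1 and similar) are treated as still affected, and an unparseable version is reported as an error rather than a silent pass.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

const (
	vulnModule   = "github.com/sap/cloud-security-client-go" // assumed path; the advisory names only the product
	fixedVersion = "v0.17.0"                                  // first fixed release per the advisory
)

// parseSemver splits "v0.16.3" or "0.17.0-rc1" into a numeric core and a
// pre-release tag; ok is false for anything not MAJOR.MINOR.PATCH (e.g. "latest").
func parseSemver(v string) (core [3]int, pre string, ok bool) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexByte(v, '-'); i >= 0 {
		v, pre = v[:i], v[i+1:]
	}
	parts := strings.Split(v, ".")
	ok = len(parts) == 3
	for i := 0; ok && i < 3; i++ {
		var err error
		core[i], err = strconv.Atoi(parts[i])
		ok = err == nil
	}
	return core, pre, ok
}

// lessThan reports whether a sorts strictly before b. A pre-release sorts before
// the release with the same core (v0.17.0-rc1 < v0.17.0): it still lacks the fix.
func lessThan(a, b string) (bool, error) {
	ac, apre, aok := parseSemver(a)
	bc, bpre, bok := parseSemver(b)
	if !aok || !bok {
		return false, fmt.Errorf("unparseable version %q or %q", a, b)
	}
	for i := range ac {
		if ac[i] != bc[i] {
			return ac[i] < bc[i], nil
		}
	}
	if (apre == "") != (bpre == "") {
		return apre != "", nil
	}
	return apre < bpre, nil // two pre-release tags: lexical order (simplification)
}

// RequiredVersion returns the version go.mod pins for module, from a one-line
// "require m v" or a require block; "// indirect" is ignored. "" means not required.
func RequiredVersion(goMod, module string) string {
	sc := bufio.NewScanner(strings.NewReader(goMod))
	inBlock := false
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i])
		}
		if line == "require (" || line == ")" {
			inBlock = line == "require ("
			continue
		}
		f := strings.Fields(line)
		if !inBlock {
			if len(f) != 3 || f[0] != "require" {
				continue
			}
			f = f[1:]
		}
		if len(f) == 2 && f[0] == module {
			return f[1]
		}
	}
	return ""
}

// IsAffected: pinned version below the first fix. Absent module: not affected.
// Unparseable version: an error, never a silent pass.
func IsAffected(goMod string) (bool, error) {
	v := RequiredVersion(goMod, vulnModule)
	if v == "" {
		return false, nil
	}
	return lessThan(v, fixedVersion)
}

// Constructed sample go.mod for the demonstration, not taken from any project.
const sampleGoMod = `module example.com/app
require (
	github.com/sap/cloud-security-client-go v0.16.3
	github.com/google/uuid v1.6.0 // indirect
)
`

func main() {
	affected, err := IsAffected(sampleGoMod)
	fmt.Println("pinned:", RequiredVersion(sampleGoMod, vulnModule), "affected:", affected, "err:", err)
}
```

Reading go.mod is a first pass only: `go list -m all` shows the versions the build actually selects, including a library pulled in transitively, and `govulncheck ./...` applies the Go vulnerability database (where this issue is GO-2023-2400) to the real dependency graph.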

Fix

IDOR

Improper Privilege Management


Weakness Enumeration

Related identifiers

BDU:2023-08963
CVE-2023-50424
GHSA-59c9-pxq8-9c73
GHSA-92cg-ghq6-9587
GHSA-m8rw-rcpq-2vp2
GO-2023-2400

Affected products

SAP BTP Security Services Integration Library