Rosenblueh

#9666of 53,632
28.6Total CVSS
Vulnerabilities · 3
Critical
3
PT-2023-7890
9.4
2023-12-11
Sap · Sap Btp Security Services Integration Library · CVE-2023-50422
**Name of the Vulnerable Software and Affected Versions** SAP BTP Security Services Integration Library versions below 2.17.0 SAP BTP Security Services Integration Library versions from 3.0.0 to before 3.3.0 **Description** The issue is related to insecure privilege management in the SAP BTP Security Services Integration Library, allowing an unauthenticated attacker to obtain arbitrary permissions within the application under certain conditions. On successful exploitation, this can lead to an escalation of privileges. **Recommendations** For versions below 2.17.0, upgrade to version 2.17.0 or later. For versions from 3.0.0 to before 3.3.0, upgrade to version 3.3.0 or later. It is recommended to upgrade to the latest released version to ensure all security patches are applied.
PT-2023-7891
9.8
2023-12-11
Sap · Sap-Xssec · CVE-2023-50423
**Name of the Vulnerable Software and Affected Versions** SAP BTP Security Services Integration Library (Python sap-xssec) versions < 4.1.0 **Description** The issue is related to insecure privilege management in the SAP XS Advanced sap-xssec library, which is part of the SAP Business Technology Platform (BTP). This allows an unauthenticated attacker to escalate privileges under certain conditions, obtaining arbitrary permissions within the application. **Recommendations** Upgrade to a patched version >= 4.1.0 It is recommended to upgrade to the latest released version to ensure the issue is fully resolved. No workarounds are available for this issue.
PT-2023-7892
9.4
2023-12-11
Sap · Sap Btp Security Services Integration Library · CVE-2023-50424
**Name of the Vulnerable Software and Affected Versions** SAP BTP Security Services Integration Library versions < 0.17.0 **Description** The issue allows an unauthenticated attacker to obtain arbitrary permissions within the application under certain conditions. This is due to insecure privilege management in the SAP BTP Security Services Integration Library. On successful exploitation, the attacker can escalate privileges. **Recommendations** Upgrade to a patched version >= 0.17.0 As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation until a patch is applied.