PT-2023-7892 · Sap · Sap Btp Security Services Integration Library

Rosenblueh

Published

2023-12-11

Updated

2024-09-28

CVE-2023-50424

CVSS v2.0

9.4

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions SAP BTP Security Services Integration Library versions < 0.17.0

Description The issue allows an unauthenticated attacker to obtain arbitrary permissions within the application under certain conditions. This is due to insecure privilege management in the SAP BTP Security Services Integration Library. On successful exploitation, the attacker can escalate privileges.

Recommendations Upgrade to a patched version >= 0.17.0 As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation until a patch is applied.

Fix

IDOR

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639CWE-749CWE-269

Related Identifiers

BDU:2023-08963

CVE-2023-50424

GHSA-59C9-PXQ8-9C73

GHSA-92CG-GHQ6-9587

GHSA-M8RW-RCPQ-2VP2

GO-2023-2400

Affected Products

Sap Btp Security Services Integration Library

PT-2023-7892 · Sap · Sap Btp Security Services Integration Library

CVE-2023-50424

Weakness Enumeration

Related Identifiers

Affected Products

References · 27