PT-2023-7893 · SAP · SAP BTP Security Services Integration Library (and 2 more affected products)

Published

2023-12-11

·

Updated

2024-09-28

·

CVE-2023-49583

CVSS v2.0

9.4

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions

SAP BTP Security Services Integration Library (@sap/xssec) versions < 3.6.0

Description

The issue stems from improper privilege management in the @sap/xssec library of SAP XS Advanced, which is part of the SAP Business Technology Platform (BTP). Under certain conditions, an unauthenticated attacker can escalate privileges and obtain arbitrary permissions within the application.

Recommendations

For versions < 3.6.0, update to version 3.6.0 or later, which resolves the issue. As a temporary workaround, restrict access to sensitive areas of the application to reduce the risk of exploitation until the update is applied.

Fix

Improper Privilege Management

IDOR

Weakness Enumeration

Related Identifiers

BDU:2023-08964
CVE-2023-49583
GHSA-P2VX-QJ66-88Q3

Affected Products

Sap Btp Security Services Integration Library
Sap Business Technology Platform
Sap Xs Advanced