Improper Privilege Management in sap-xssec

Impact

SAP BTP Security Services Integration Library ([Python] sap-xssec) allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

Patches

Upgrade to patched version >= 4.1.0
We always recommend to upgrade to the latest released version.

Workarounds

No workarounds

References

https://vulners.com/cve/CVE-2023-50423