SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
github.com/SAP/cloud-security-services-integration-library/
github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73
me.sap.com/notes/3411067
me.sap.com/notes/3413475
mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa
mvnrepository.com/artifact/com.sap.cloud.security/java-security
mvnrepository.com/artifact/com.sap.cloud.security/spring-security
www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html