49 matches found
CVE-2023-50424
SAP BTP Security Services Integration Library Golang github.com/sap/cloud-security-client-go - versions 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
EUVD-2023-3253
Malicious code in bioql PyPI...
EUVD-2023-3112
Malicious code in bioql PyPI...
EUVD-2023-0233
Malicious code in bioql PyPI...
EUVD-2023-3245
Malicious code in bioql PyPI...
SAP Cloud Connector 2.16.1 Missing Validation
SEC Consult Vulnerability Lab Security Advisory. title: Tolerating Self-Signed Certificates; product: SAP® Cloud Connector; vulnerable version: 2.15.0 - 2.16.1 Portable and Installer; fixed version: 2.16.2 Portable and Installer...
SAP BTP Python Library sap-xssec < 4.1.0 Privilege Escalation
The detected version of the SAP BTP Python package, sap-xssec, is prior to version 4.1.0. It is, therefore, affected by a privilege escalation vulnerability. An unauthenticated, remote attacker can exploit this to gain arbitrary permissions within the application. Note that Nessus has not tested for...
Privilege Escalation
SAP BTP Security Services Integration Library is vulnerable to Privilege Escalation. The vulnerability exists due to the lack of permission checks in the library, enabling an attacker to obtain arbitrary permissions within the application under certain conditions...
Improper Privilege Management in sap-xssec
Impact: SAP BTP Security Services Integration Library Python sap-xssec allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. Patches: Upgrade to patched version = 4.1.0. We always...
GHSA-6MJG-37CP-42X5 Improper Privilege Management in sap-xssec
Impact: SAP BTP Security Services Integration Library Python sap-xssec allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. Patches: Upgrade to patched version = 4.1.0. We always...
GHSA-M8RW-RCPQ-2VP2 Improper Privilege Management in github.com/sap/cloud-security-client-go
Impact: SAP BTP Security Services Integration Library Golang github.com/sap/cloud-security-client-go allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. Patches: Upgrade to...
Improper Privilege Management in github.com/sap/cloud-security-client-go
Impact: SAP BTP Security Services Integration Library Golang github.com/sap/cloud-security-client-go allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. Patches: Upgrade to...
Improper JWT Signature Validation in SAP Security Services Library
Impact: SAP BTP Security Services Integration Library Java cloud-security-services-integration-library allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. Patches: Upgrade to...
Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-m8rw-rcpq-2vp2. This link is maintained to preserve external references. Original Description: SAP BTP Security Services Integration Library Golang github.com/sap/cloud-security-client-go - versions 0.17.0, allow...
GHSA-P99H-PFG6-QRFG Duplicate Advisory: Privilege escalation in sap-xssec
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6mjg-37cp-42x5. This link is maintained to preserve external references. Original Description: SAP BTP Security Services Integration Library Python sap-xssec - versions 4.1.0, allow under certain conditions an...
Duplicate Advisory: Privilege escalation in sap-xssec
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6mjg-37cp-42x5. This link is maintained to preserve external references. Original Description: SAP BTP Security Services Integration Library Python sap-xssec - versions 4.1.0, allow under certain conditions an...
GHSA-P2VX-QJ66-88Q3 Escalation of privileges in @sap/xssec
SAP BTP Security Services Integration Library Node.js @sap/xssec - versions 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
Escalation of privileges in @sap/xssec
SAP BTP Security Services Integration Library Node.js @sap/xssec - versions 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...