Lucene search
K

9 matches found

BDU FSTEC
BDU FSTEC
added 2023/12/21 12:0 a.m.7 views

The vulnerability of the authentication library in applications that use the SAP Identity Services (IAS) cloud-security-client-go development, integration, and extension platform for applications in the SAP Business Technology Platform (BTP) environment arises from insecure management of privileges. This allows attackers to escalate their privileges.

The vulnerability of the authentication library in applications that use the SAP Identity Authentication Service IAS on the SAP Business Technology Platform BTP for application development, integration, and expansion involves insecure management of privileges. Exploiting this vulnerability could...

9.4CVSS7.7AI score0.01127EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/12/12 2:15 a.m.5 views

CVE-2023-49583

SAP BTP Security Services Integration Library Node.js @sap/xssec - versions 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...

9.8CVSS7.4AI score0.01085EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2023/12/12 1:22 a.m.2 views

CVE-2023-49583 Escalation of Privileges in SAP BTP Security Services Integration Library ([Node.js] @sap/xssec)

SAP BTP Security Services Integration Library Node.js @sap/xssec - versions 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...

9.1CVSS8.9AI score0.01085EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.9 views

PT-2023-7891 · Sap · Sap Btp Security Services Integration Library +1

Name of the Vulnerable Software and Affected Versions: SAP BTP Security Services Integration Library Python sap-xssec versions = 4.1.0 It is recommended to upgrade to the latest released version to ensure the issue is fully resolved. No workarounds are available for this issue...

9.8CVSS7.5AI score0.01109EPSS
Exploits0References17
Github Security Blog
Github Security Blog
added 2021/11/10 4:51 p.m.31 views

Unauthorized access to data in @sap-cloud-sdk/core

Impact This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In some cases, when user information was missing, destinations were cached without user information, allowing other users to retrieve the same destination with its...

5.9CVSS0.6AI score0.01657EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2021/11/05 11:15 p.m.22 views

CVE-2021-41251

@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some...

5.9CVSS0.01657EPSS
Exploits1References3
OSV
OSV
added 2021/11/05 11:15 p.m.20 views

CVE-2021-41251

@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some...

5.9CVSS6.6AI score
Exploits0References3
Cvelist
Cvelist
added 2021/11/05 10:50 p.m.24 views

CVE-2021-41251 Possibility to elevate privileges or get unauthorized access to data

@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some...

5.9CVSS5.9AI score0.01657EPSS
Exploits1References3
CVE
CVE
added 2021/11/05 10:50 p.m.57 views

CVE-2021-41251

The vulnerability CVE-2021-41251 affects the SAP Cloud SDK core used in SAP Business Technology Platform apps, specifically when destination caching is enabled. The root cause is that, in certain versions, cached destinations could be stored without user identity information, allowing other users...

5.9CVSS5.6AI score0.01657EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder