Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2023/12/12 3:31 a.m.9 views

@sap-cloud-sdk/core (>=1.48.2-20210910061518.0 <=1.49.1-20210922143656.0), @sap/approuter (>=5.1.0 <=14.4.1) +12 more potentially affected by CVE-2023-49583 via @sap/xssec (>=1.3.0 <=3.5.0)

@sap/xssec NPM version =1.3.0, =1.48.2-20210910061518.0, =5.1.0, =2.2.3, =3.2.0, =0.0.2, =1.9.14, =1.14.1, =2.0.5, =1.0.0, =1.202002.1, =1.1.0, =0.1.92, =0.1.0, =0.4.1 Source cves: CVE-2023-49583 Source advisory: OSV:GHSA-P2VX-QJ66-88Q3...

9.8CVSS7.2AI score0.01085EPSS
Exploits0
NVD
NVD
added 2023/12/12 2:15 a.m.31 views

CVE-2023-49583

SAP BTP Security Services Integration Library Node.js @sap/xssec - versions 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...

9.8CVSS0.01085EPSS
Exploits0References6
CVE
CVE
added 2023/12/12 1:22 a.m.73 views

CVE-2023-49583

The CVE-2023-49583 issue applies to SAP BTP Security Services Integration Library in the Node.js module @sap/xssec (and related SAP modules) when using versions prior to 3.6.0. The root cause is a privilege-escalation flaw that can allow an unauthenticated attacker to obtain arbitrary permissions...

9.8CVSS9.7AI score0.01085EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2023/12/12 1:22 a.m.38 views

CVE-2023-49583 Escalation of Privileges in SAP BTP Security Services Integration Library ([Node.js] @sap/xssec)

SAP BTP Security Services Integration Library Node.js @sap/xssec - versions 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...

9.1CVSS9.9AI score0.01085EPSS
Exploits0References6
Rows per page
Query Builder