5 matches found
com.sap.cds:cds-starter-cloudfoundry (>=1.19.0 <=1.34.7), com.sap.cds:cds-starter-k8s (>=1.34.0 <=1.34.7) +4 more potentially affected by CVE-2023-50422 +1 more via com.sap.cloud.security.xsuaa:spring-xsuaa (>=1.3.0 <=2.16.0)
com.sap.cloud.security.xsuaa:spring-xsuaa MAVEN version =1.3.0, =1.19.0, =1.34.0, =2.11.16, =2.10.0, =1.3.0, =1.6.0, =2.16.0 Source cves: CVE-2023-50422, CVE-2023-50424 Source advisory: OSV:GHSA-59C9-PXQ8-9C73...
GHSA-59C9-PXQ8-9C73 Improper JWT Signature Validation in SAP Security Services Library
Impact SAP BTP Security Services Integration Library Java cloud-security-services-integration-library allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. Patches Upgrade to...
Improper JWT Signature Validation in SAP Security Services Library
Impact SAP BTP Security Services Integration Library Java cloud-security-services-integration-library allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. Patches Upgrade to...
CVE-2023-50422 Escalation of Privileges in SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library)
SAP BTP Security Services Integration Library Java cloud-security-services-integration-library - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary...
CVE-2023-50422
CVE-2023-50422 concerns the SAP BTP Security Services Integration Library (Java) where versions below 2.17.0 and 3.0.0–before 3.3.0 allow privilege escalation under certain conditions. The root cause is insufficient permission checks in the library, enabling an unauthenticated attacker to obtain ...