Lucene search
K

5 matches found

vulnersOsv
vulnersOsv
added 2023/12/13 1:33 p.m.5 views

com.sap.cds:cds-starter-cloudfoundry (>=1.19.0 <=1.34.7), com.sap.cds:cds-starter-k8s (>=1.34.0 <=1.34.7) +4 more potentially affected by CVE-2023-50422 +1 more via com.sap.cloud.security.xsuaa:spring-xsuaa (>=1.3.0 <=2.16.0)

com.sap.cloud.security.xsuaa:spring-xsuaa MAVEN version =1.3.0, =1.19.0, =1.34.0, =2.11.16, =2.10.0, =1.3.0, =1.6.0, =2.16.0 Source cves: CVE-2023-50422, CVE-2023-50424 Source advisory: OSV:GHSA-59C9-PXQ8-9C73...

9.8CVSS7.2AI score0.01355EPSS
Exploits0
OSV
OSV
added 2023/12/13 1:33 p.m.30 views

GHSA-59C9-PXQ8-9C73 Improper JWT Signature Validation in SAP Security Services Library

Impact SAP BTP Security Services Integration Library Java cloud-security-services-integration-library allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. Patches Upgrade to...

9.3CVSS9.7AI score0.01355EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2023/12/13 1:33 p.m.27 views

Improper JWT Signature Validation in SAP Security Services Library

Impact SAP BTP Security Services Integration Library Java cloud-security-services-integration-library allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. Patches Upgrade to...

9.8CVSS7.4AI score0.01355EPSS
Exploits0References13Affected Software3
Cvelist
Cvelist
added 2023/12/12 1:31 a.m.27 views

CVE-2023-50422 Escalation of Privileges in SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library)

SAP BTP Security Services Integration Library Java cloud-security-services-integration-library - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary...

9.1CVSS9.9AI score0.01355EPSS
Exploits0References9
CVE
CVE
added 2023/12/12 1:31 a.m.55 views

CVE-2023-50422

CVE-2023-50422 concerns the SAP BTP Security Services Integration Library (Java) where versions below 2.17.0 and 3.0.0–before 3.3.0 allow privilege escalation under certain conditions. The root cause is insufficient permission checks in the library, enabling an unauthenticated attacker to obtain ...

9.8CVSS9.7AI score0.01355EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder