29 matches found
CVE-2023-50424
SAP BTP Security Services Integration Library Golang github.com/sap/cloud-security-client-go - versions 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
EUVD-2023-3245
Malicious code in bioql PyPI...
EUVD-2023-3112
Malicious code in bioql PyPI...
EUVD-2023-0233
Malicious code in bioql PyPI...
EUVD-2023-3253
Malicious code in bioql PyPI...
SAP Cloud Connector 2.16.1 Missing Validation
SEC Consult Vulnerability Lab Security Advisory. title: Tolerating Self-Signed Certificates; product: SAP® Cloud Connector; vulnerable version: 2.15.0 - 2.16.1 Portable and Installer; fixed version: 2.16.2 Portable and Installer...
SAP BTP Python Library sap-xssec < 4.1.0 Privilege Escalation
The detected version of SAP BTP python package, sap-xssec, is prior to version 4.1.0. It is, therefore, affected by a privilege escalation vulnerability. An unauthenticated, remote attacker can exploit this to gain arbitrary permissions within the application. Note that Nessus has not tested for...
Privilege Escalation
SAP BTP Security Services Integration Library is vulnerable to Privilege Escalation. The vulnerability exists due to the lack of permission checks in the library, enabling an attacker to obtain arbitrary permissions within the application under certain conditions...
GHSA-6MJG-37CP-42X5 Improper Privilege Management in sap-xssec
Impact: SAP BTP Security Services Integration Library Python sap-xssec allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. Patches: Upgrade to patched version = 4.1.0 We always...
Improper Privilege Management in sap-xssec
Impact: SAP BTP Security Services Integration Library Python sap-xssec allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. Patches: Upgrade to patched version = 4.1.0 We always...
GHSA-M8RW-RCPQ-2VP2 Improper Privilege Management in github.com/sap/cloud-security-client-go
Impact: SAP BTP Security Services Integration Library Golang github.com/sap/cloud-security-client-go allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. Patches: Upgrade to...
Improper JWT Signature Validation in SAP Security Services Library
Impact: SAP BTP Security Services Integration Library Java cloud-security-services-integration-library allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. Patches: Upgrade to...
GHSA-P99H-PFG6-QRFG Duplicate Advisory: Privilege escalation in sap-xssec
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6mjg-37cp-42x5. This link is maintained to preserve external references. Original Description: SAP BTP Security Services Integration Library Python sap-xssec - versions 4.1.0, allow under certain conditions an...
Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-m8rw-rcpq-2vp2. This link is maintained to preserve external references. Original Description: SAP BTP Security Services Integration Library Golang github.com/sap/cloud-security-client-go - versions 0.17.0, allow...
CVE-2023-50424
SAP BTP Security Services Integration Library Golang github.com/sap/cloud-security-client-go - versions 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
CVE-2023-50424
SAP BTP Security Services Integration Library Golang github.com/sap/cloud-security-client-go - versions 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
Privilege escalation
SAP BTP Security Services Integration Library Golang github.com/sap/cloud-security-client-go - versions 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
CVE-2023-50423
SAP BTP Security Services Integration Library Python sap-xssec - versions 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
CVE-2023-50422
SAP BTP Security Services Integration Library Java cloud-security-services-integration-library - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary...
CVE-2023-49583
SAP BTP Security Services Integration Library Node.js @sap/xssec - versions 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...