14 matches found
Node.js Module @sap/xssec < 3.6.0 Privilege Escalation
The Node.js module @sap/xssec detected on the host is prior to version 3.6.0. It is, therefore, affected by a privilege escalation vulnerability. An unauthenticated, remote attacker can exploit this to gain arbitrary permissions within the application. Note that Nessus has not tested for these...
SAP BTP Python Library sap-xssec < 4.1.0 Privilege Escalation
The detected version of the SAP BTP Python package, sap-xssec, is prior to version 4.1.0. It is, therefore, affected by a privilege escalation vulnerability. An unauthenticated, remote attacker can exploit this to gain arbitrary permissions within the application. Note that Nessus has not tested for...
Improper Privilege Management
sap-xssec is vulnerable to Improper Privilege Management. The vulnerability arises due to the lack of permission checks in the library. This allows an attacker to gain arbitrary permissions within the application under specific conditions, resulting in privilege escalation...
Improper Privilege Management in sap-xssec
Impact: SAP BTP Security Services Integration Library Python sap-xssec allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. Patches: Upgrade to patched version = 4.1.0. We always...
@sap-cloud-sdk/core (>=1.48.2-20210910061518.0 <=1.49.1-20210922143656.0), @sap/approuter (>=5.1.0 <=14.4.1) +12 more potentially affected by CVE-2023-49583 via @sap/xssec (>=1.3.0 <=3.5.0)
@sap/xssec NPM version =1.3.0, =1.48.2-20210910061518.0, =5.1.0, =2.2.3, =3.2.0, =0.0.2, =1.9.14, =1.14.1, =2.0.5, =1.0.0, =1.202002.1, =1.1.0, =0.1.92, =0.1.0, =0.4.1 Source cves: CVE-2023-49583 Source advisory: OSV:GHSA-P2VX-QJ66-88Q3...
Escalation of privileges in @sap/xssec
SAP BTP Security Services Integration Library Node.js @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
CVE-2023-50423
SAP BTP Security Services Integration Library Python sap-xssec - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
CVE-2023-50423
SAP BTP Security Services Integration Library Python sap-xssec - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
CVE-2023-49583
SAP BTP Security Services Integration Library Node.js @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
Privilege escalation
SAP BTP Security Services Integration Library Node.js @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
Privilege escalation
SAP BTP Security Services Integration Library Python sap-xssec - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
CVE-2023-50423 Escalation of Privileges in SAP BTP Security Services Integration Library ([Python] cloud-pysec)
SAP BTP Security Services Integration Library Python sap-xssec - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
CVE-2023-50423
The CVE-2023-50423 entry concerns the SAP BTP Security Services Integration Library, specifically the Python package sap-xssec, versions prior to 4.1.0. Multiple connected sources confirm a privilege-escalation vulnerability where an unauthenticated attacker, via the affected library, can obtain ...
CVE-2023-49583 Escalation of Privileges in SAP BTP Security Services Integration Library ([Node.js] @sap/xssec)
SAP BTP Security Services Integration Library Node.js @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...