CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
41.3%
SAP BTP Security Services Integration Library is vulnerable to Privilege Escalation. The vulnerability exists due to the lack of permission checks in the library, enabling an attacker to obtain arbitrary permissions within the application under certain conditions.
blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
github.com/SAP/cloud-security-services-integration-library/
github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73
me.sap.com/notes/3411067
me.sap.com/notes/3413475
mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa
mvnrepository.com/artifact/com.sap.cloud.security/java-security
mvnrepository.com/artifact/com.sap.cloud.security/spring-security
www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html