Veracode Vulnerability DatabaseVERACODE:44676Improper Privilege Management
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.5%
sap-xssec is vulnerable to Improper Privilege Management. The vulnerability arises due to the lack of permission checks in the library. This allows an attacker to gain arbitrary permissions within the application under specific conditions, resulting in privilege escalation.
References
blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
github.com/advisories/GHSA-6mjg-37cp-42x5
github.com/SAP/cloud-pysec/
github.com/SAP/cloud-pysec/commit/0c554829c8fecd6dec77c1c3af2bbf316eba8c60
github.com/SAP/cloud-pysec/security/advisories/GHSA-6mjg-37cp-42x5
me.sap.com/notes/3411067
pypi.org/project/sap-xssec/
www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.5%