Vulnerability Details CVE-2023-50423
SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.0%
CVSS Severity
CVSS v3 Score 9.1
References
- https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
- https://github.com/SAP/cloud-pysec/
- https://github.com/SAP/cloud-pysec/security/advisories/GHSA-6mjg-37cp-42x5
- https://me.sap.com/notes/3411067
- https://pypi.org/project/sap-xssec/
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
- https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
- https://github.com/SAP/cloud-pysec/
- https://github.com/SAP/cloud-pysec/security/advisories/GHSA-6mjg-37cp-42x5
- https://me.sap.com/notes/3411067
- https://pypi.org/project/sap-xssec/
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Products affected by CVE-2023-50423
-
cpe:2.3:a:sap:sap-xssec:1.1.8
-
cpe:2.3:a:sap:sap-xssec:2.0.1
-
cpe:2.3:a:sap:sap-xssec:2.0.10
-
cpe:2.3:a:sap:sap-xssec:2.0.11
-
cpe:2.3:a:sap:sap-xssec:2.0.12
-
cpe:2.3:a:sap:sap-xssec:2.0.2
-
cpe:2.3:a:sap:sap-xssec:2.0.3
-
cpe:2.3:a:sap:sap-xssec:2.0.4
-
cpe:2.3:a:sap:sap-xssec:2.0.5
-
cpe:2.3:a:sap:sap-xssec:2.0.6
-
cpe:2.3:a:sap:sap-xssec:2.0.7
-
cpe:2.3:a:sap:sap-xssec:2.0.8
-
cpe:2.3:a:sap:sap-xssec:2.0.9
-
cpe:2.3:a:sap:sap-xssec:2.1.0
-
cpe:2.3:a:sap:sap-xssec:3.0.0
-
cpe:2.3:a:sap:sap-xssec:3.1.0
-
cpe:2.3:a:sap:sap-xssec:3.2.0
-
cpe:2.3:a:sap:sap-xssec:3.3.0
-
cpe:2.3:a:sap:sap-xssec:4.0.0
-
cpe:2.3:a:sap:sap-xssec:4.0.1