Vulnerabilities > CVE-2023-50423 - Exposed Dangerous Method or Function vulnerability in SAP Sap-XSSec

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sap

CWE-749

critical

NVD

Published: 2023-12-12

Updated: 2024-09-28

Summary

SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP SAP Xssec 1.1.8 SAP SAP Xssec 2.0.1 SAP SAP Xssec 2.0.2 SAP SAP Xssec 2.0.3 SAP SAP Xssec 2.0.4 SAP SAP Xssec 2.0.5 SAP SAP Xssec 2.0.6 SAP SAP Xssec 2.0.7 SAP SAP Xssec 2.0.8 SAP SAP Xssec 2.0.9 SAP SAP Xssec 2.0.10 SAP SAP Xssec 2.0.11 SAP SAP Xssec 2.0.12 SAP SAP Xssec 2.1.0 SAP SAP Xssec 3.0.0 SAP SAP Xssec 3.1.0 SAP SAP Xssec 3.2.0 SAP SAP Xssec 3.3.0 SAP SAP Xssec 4.0.0 SAP SAP Xssec 4.0.1	20

Common Weakness Enumeration (CWE)

CWE-749 - Exposed Dangerous Method or Function

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References