What is the severity of CVE-2023-50422?

CVE-2023-50422 has not been assigned a specific severity score as it is a duplicate advisory.

How do I fix CVE-2023-50422?

To resolve CVE-2023-50422, update to version 2.17.0 or later, or to version 3.3.0 of the SAP Cloud Security Services Integration Library.

Which SAP software is affected by CVE-2023-50422?

CVE-2023-50422 affects the SAP Cloud Security Services Integration Library in versions prior to 2.17.0 and between 3.0.0 and 3.3.0.

Is CVE-2023-50422 a critical vulnerability?

CVE-2023-50422 itself does not have a critical designation as it is a duplicate advisory.

What should I do if I cannot update my software for CVE-2023-50422?

If you cannot update, evaluate the risk and implement compensating controls to mitigate exposure associated with CVE-2023-50422.

Vulnerability/
CVE-2023-50422

critical

9.8

CWE

269 639 749

12/12/2023

30/9/2024

CVE-2023-50422: Escalation of Privileges in SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library)

First published: Tue Dec 12 2023(Updated: )

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-59c9-pxq8-9c73. This link is maintained to preserve external references. ## Original Description SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
maven/com.sap.cloud.security:spring-security	>=3.0.0<3.3.0	3.3.0
maven/com.sap.cloud.security:spring-security	<2.17.0	2.17.0
maven/com.sap.cloud.security.xsuaa:spring-xsuaa	>=3.0.0<3.3.0	3.3.0
maven/com.sap.cloud.security.xsuaa:spring-xsuaa	<2.17.0	2.17.0
maven/com.sap.cloud.security:java-security	>=3.0.0<3.3.0	3.3.0
maven/com.sap.cloud.security:java-security	<2.17.0	2.17.0
SAP Cloud Security Services Integration Library	<2.17.0
SAP Cloud Security Services Integration Library	>=3.0.0<3.3.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-50422?
CVE-2023-50422 has not been assigned a specific severity score as it is a duplicate advisory.
How do I fix CVE-2023-50422?
To resolve CVE-2023-50422, update to version 2.17.0 or later, or to version 3.3.0 of the SAP Cloud Security Services Integration Library.
Which SAP software is affected by CVE-2023-50422?
CVE-2023-50422 affects the SAP Cloud Security Services Integration Library in versions prior to 2.17.0 and between 3.0.0 and 3.3.0.
Is CVE-2023-50422 a critical vulnerability?
CVE-2023-50422 itself does not have a critical designation as it is a duplicate advisory.
What should I do if I cannot update my software for CVE-2023-50422?
If you cannot update, evaluate the risk and implement compensating controls to mitigate exposure associated with CVE-2023-50422.

agent/type
agent/first-publish-date
agent/softwarecombine
agent/title
agent/severity
collector/the-register
source/The Register
alias/CVE-2024-20674
alias/CVE-2024-20700
alias/CVE-2023-49583
alias/CVE-2023-50422
alias/CVE-2023-20193
alias/CVE-2023-20194
collector/mitre-cve
source/MITRE
agent/weakness
collector/github-advisory-latest
source/GitHub
alias/GHSA-gcgw-q47m-prvj
agent/software-canonical-lookup
agent/event
alias/GHSA-59c9-pxq8-9c73
agent/last-modified-date
agent/references
collector/github-advisory
agent/description
agent/trending
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-api
agent/author
package-manager/maven
vendor/sap
canonical/sap cloud security services integration library
version/sap cloud security services integration library/3.0.0