First published: Tue Dec 12 2023(Updated: )
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
Credit: cna@sap.com cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
<2.17.0 | ||
>=3.0.0<3.3.0 | ||
Sap Cloud-security-services-integration-library | <2.17.0 | |
Sap Cloud-security-services-integration-library | >=3.0.0<3.3.0 | |
maven/com.sap.cloud.security:spring-security | >=3.0.0<3.3.0 | 3.3.0 |
maven/com.sap.cloud.security:spring-security | <2.17.0 | 2.17.0 |
maven/com.sap.cloud.security.xsuaa:spring-xsuaa | >=3.0.0<3.3.0 | 3.3.0 |
maven/com.sap.cloud.security.xsuaa:spring-xsuaa | <2.17.0 | 2.17.0 |
maven/com.sap.cloud.security:java-security | >=3.0.0<3.3.0 | 3.3.0 |
maven/com.sap.cloud.security:java-security | <2.17.0 | 2.17.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.