CVE-2023-50424

CRITICAL

SAP BTP Security Services Integration Library < 0.17.0 - Privilege Escalation

Title source: llm
STIX 2.1

Description

SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

References (6)

Core 6

Scores

CVSS v3 9.1
EPSS 0.0113
EPSS Percentile 62.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-749
Status published
Products (2)
sap/cloud-security-client-go < 0.17.0
sap/cloud-security-client-go 0 - 0.17.0Go
Published Dec 12, 2023
Tracked Since Feb 18, 2026