Arbitrary Privilege Escalation in SAP BTP Security Services Integration Library

Arbitrary Privilege Escalation in SAP BTP Security Services Integration Library

CVE-2023-50424 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

Learn more about our Cloud Audit.