Vulnerability Description
SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | \@Sap\/Xssec | < 3.6.0 |
Related Weaknesses (CWE)
References
- https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-secVendor Advisory
- https://me.sap.com/notes/3411067Permissions Required
- https://me.sap.com/notes/3412456
- https://me.sap.com/notes/3413475
- https://www.npmjs.com/package/@sap/xssecProduct
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
- https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-secVendor Advisory
- https://me.sap.com/notes/3411067Permissions Required
- https://me.sap.com/notes/3412456
- https://me.sap.com/notes/3413475
- https://www.npmjs.com/package/@sap/xssecProduct
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
FAQ
What is CVE-2023-49583?
CVE-2023-49583 is a vulnerability with a CVSS score of 9.1 (CRITICAL). SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attac...
How severe is CVE-2023-49583?
CVE-2023-49583 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-49583?
Check the references section above for vendor advisories and patch information. Affected products include: Sap \@Sap\/Xssec.