Reference:
Advisory #2023-149
Version:
1.0
Affected software:
SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) – versions < 0.17.0
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) – versions >= 3.0.0 and < 3.3.0
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) – versions < 2.17.0
SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) – versions < 3.6.0
SAP BTP Security Services Integration Library ([Python] sap-xssec) – versions < 4.1.0
Type:
Improper Privilege Management (CWE-269)
CVE/CVSS:
CVE-2023-49583: CVSS score 9.1 (critical), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2023-50422: CVSS score 9.1 (critical), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2023-50423: CVSS score 9.1 (critical), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2023-50424: CVSS score 9.1 (critical), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
The SAP BTP Security Services Integration Libraries for Node.js, Python, Java and Go all contain a critical vulnerability (CVSS 9.1) that could allow an unauthenticated remote attacker to escalate privileges in an application that uses an affected library version.
Due to improper privilege management within these libraries, an attacker could, under certain conditions, perform an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. The attack vector is network-based and requires neither privileges nor user interaction; confidentiality and integrity are fully impacted, availability is not.
Because the fix ships in the library rather than in a BTP platform service, every application that bundles an affected version must be rebuilt and redeployed with a patched release. SAP recommends updating the SAP Business Technology Platform (BTP) Security Services Integration Libraries to the latest version (at minimum 0.17.0 for Go, 2.17.0 or 3.3.0 for Java, 3.6.0 for Node.js and 4.1.0 for Python) to stay patched:
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
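As an added example (not part of the CCB advisory or of SAP's libraries), the following Python script checks pinned dependency versions against the affected ranges listed above, so a team with many BTP applications can triage which ones still need to be rebuilt. The manifest snippets are constructed for this example. For npm caret/tilde ranges the script reads the range floor, which is conservative; the lockfile or the installed node_modules remains authoritative. The Java library ships as several Maven artifacts, so the example does not parse a pom.xml: pass the resolved version from your dependency tree to is_affected directly.

```python
"""Triage pinned dependency versions against the ranges in CCB Advisory #2023-149."""
import json
import re
from typing import Callable, Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as listed in the advisory: each entry is
# (inclusive lower bound or None, exclusive upper bound == the fixed version).
AFFECTED: Dict[Tuple[str, str], List[Tuple[Optional[str], str]]] = {
    ("go", "github.com/sap/cloud-security-client-go"): [(None, "0.17.0")],
    ("java", "cloud-security-services-integration-library"): [(None, "2.17.0"), ("3.0.0", "3.3.0")],
    ("npm", "@sap/xssec"): [(None, "3.6.0")],
    ("pypi", "sap-xssec"): [(None, "4.1.0")],
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Parse MAJOR.MINOR.PATCH; a leading 'v' and any pre-release/build suffix are ignored."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def is_affected(ecosystem: str, package: str, version: str) -> Optional[bool]:
    """True if version is in an affected range, False if it is at/after the fix,
    None if the package is not covered by the advisory or the version is unparseable."""
    ranges = AFFECTED.get((ecosystem, package))
    v = parse_version(version)
    if ranges is None or v is None:
        return None
    for lower, upper in ranges:
        if (lower is None or parse_version(lower) <= v) and v < parse_version(upper):
            return True
    return False


def pins_from_package_json(text: str) -> Dict[str, str]:
    """npm: strip range operators (^, ~, >=) and keep the floor; the lockfile decides the real version."""
    data = json.loads(text)
    pins: Dict[str, str] = {}
    for section in ("dependencies", "devDependencies"):
        for name, spec in data.get(section, {}).items():
            pins[name] = spec.lstrip("^~>=< ")
    return pins


def pins_from_requirements(text: str) -> Dict[str, str]:
    """PyPI: only exact '==' pins are unambiguous; other specifiers are skipped."""
    pins: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^([A-Za-z0-9_.\-]+)\s*==\s*([^\s;]+)", line)
        if m:
            pins[m.group(1).lower()] = m.group(2)
    return pins


def pins_from_go_mod(text: str) -> Dict[str, str]:
    """Go: read 'module/path vX.Y.Z' lines, both single-line and block 'require' forms."""
    pins: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("require "):
            line = line[len("require "):]
        m = re.match(r"^([^\s()]+)\s+(v\d+\.\d+\.\d+\S*)", line)
        if m:
            pins[m.group(1)] = m.group(2)
    return pins


_PARSERS: Dict[str, Tuple[str, Callable[[str], Dict[str, str]]]] = {
    "package.json": ("npm", pins_from_package_json),
    "requirements.txt": ("pypi", pins_from_requirements),
    "go.mod": ("go", pins_from_go_mod),
}


def scan(manifests: Dict[str, str]) -> Dict[str, Optional[bool]]:
    """Map 'ecosystem:package@version' to a verdict for every advisory package found."""
    results: Dict[str, Optional[bool]] = {}
    for path, text in manifests.items():
        ecosystem, parser = _PARSERS[path.rsplit("/", 1)[-1]]
        for name, version in parser(text).items():
            if (ecosystem, name) in AFFECTED:
                results[f"{ecosystem}:{name}@{version}"] = is_affected(ecosystem, name, version)
    return results


# Constructed sample manifests for this example (not from any real project).
SAMPLE_MANIFESTS: Dict[str, str] = {
    "svc-a/package.json": json.dumps({"dependencies": {"@sap/xssec": "^3.5.1", "express": "4.18.2"}}),
    "svc-b/requirements.txt": "flask==3.0.0\nsap-xssec==4.1.0  # already patched\n",
    "svc-c/go.mod": "module example.com/svc-c\n\ngo 1.21\n\nrequire (\n"
                    "\tgithub.com/sap/cloud-security-client-go v0.16.2\n)\n",
}

if __name__ == "__main__":
    for key, verdict in scan(SAMPLE_MANIFESTS).items():
        label = "AFFECTED" if verdict else ("fixed" if verdict is False else "unknown")
        print(f"{key}: {label}")
```

Run it against the real manifests of each application; any AFFECTED result means that application must be rebuilt against a fixed release and redeployed, since there is no platform-side mitigation.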
https://nvd.nist.gov/vuln/detail/CVE-2023-49583
https://nvd.nist.gov/vuln/detail/CVE-2023-50422
https://nvd.nist.gov/vuln/detail/CVE-2023-50423
https://nvd.nist.gov/vuln/detail/CVE-2023-50424