Rewterz Threat Advisory – Multiple SAP Business Objects Vulnerabilities
December 28, 2023
Severity
High
Analysis Summary
CVE-2023-49583, CVE-2023-50422, CVE-2023-50423, CVE-2023-50424
A flaw in the SAP Business Technology Platform (BTP) Security Services Integration Libraries, caused by improper permission validation, could allow a remote attacker to gain elevated privileges on the system. An attacker could exploit this vulnerability by sending a specially crafted request.
Impact
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2023-49583
- CVE-2023-50422
- CVE-2023-50423
- CVE-2023-50424
Affected Vendors
SAP
Affected Products
- SAP cloud-security-services-integration-library 2.16.0
- SAP @sap/xssec 3.5.0
- SAP cloud-security-client-go 0.16.0
- SAP sap-xssec 4.0.0
Remediation
Refer to the SAP website for patch, upgrade, or suggested workaround information.