CVE-2023-50424— Escalation of Privileges in SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-50424
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Escalation of Privileges in SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go)
Source: NVD (National Vulnerability Database)
Vulnerability Description
SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
暴露危险的方法或函数
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP BTP Security Services Integration Library 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP BTP Security Services Integration Library是德国思爱普(SAP)公司的一个安全服务集成库。 SAP BTP Security Services Integration Library 2.17.0 之前、 3.3.0之前版本存在安全漏洞,该漏洞源于允许在某些条件下升级权限,攻击者利用该漏洞可以获得应用程序内的任意权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SAP_SE | github.com/sap/cloud-security-client-go | < 0.17.0 | - |
II. Public POCs for CVE-2023-50424
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-50424
请登录查看更多情报信息。
Same Patch Batch · SAP_SE · 2023-12-12 · 16 CVEs total
| CVE-2023-49583 | 9.1 CRITICAL | Escalation of Privileges in SAP BTP Security Services Integration Library ([Node.js] @sap/ |
| CVE-2023-50422 | 9.1 CRITICAL | Escalation of Privileges in SAP BTP Security Services Integration Library ([Java] cloud-se |
| CVE-2023-50423 | 9.1 CRITICAL | Escalation of Privileges in SAP BTP Security Services Integration Library ([Python] cloud- |
| CVE-2023-42481 | 8.1 HIGH | Improper Access Control vulnerability in SAP Commerce Cloud |
| CVE-2023-42478 | 7.5 HIGH | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Plat |
| CVE-2023-49580 | 7.3 HIGH | Information disclosure in SAP GUI for Windows and SAP GUI for Java |
| CVE-2023-6542 | 7.1 HIGH | Improper Export of Android Application Components in SAP EMARSYS SDK ANDROID |
| CVE-2023-42476 | 6.8 MEDIUM | Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence |
| CVE-2023-49587 | 6.4 MEDIUM | Command Injection vulnerability in SAP Solution Manager |
| CVE-2023-42479 | 6.1 MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Biller Direct |
| CVE-2023-49577 | 6.1 MEDIUM | Cross-Site Scripting (XSS) vulnerability in the SAP HCM (SMART PAYE solution) |
| CVE-2023-49584 | 4.3 MEDIUM | Client-Side Desynchronization vulnerability in SAP Fiori Launchpad |
| CVE-2023-49581 | 4.1 MEDIUM | SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform |
| CVE-2023-49058 | 3.5 LOW | Directory Traversal vulnerability in SAP Master Data Governance |
| CVE-2023-49578 | 3.5 LOW | Denial of service (DOS) in SAP Cloud Connector |
IV. Related Vulnerabilities
Same vendor: SAP_SE
- CVE-2026-34264
Information Disclosure vulnerability in SAP Human Capital Ma - CVE-2026-34262
Information Disclosure Vulnerability in SAP HANA Cockpit and - CVE-2026-34261
Missing Authorization check in SAP Business Analytics and SA - CVE-2026-34257
Open Redirect vulnerability in SAP NetWeaver Application Ser - CVE-2026-34256
Missing Authorization check in SAP ERP and SAP S/4 HANA (Pri
Same weakness: CWE-749
- CVE-2026-25266
Exposed dangerous function in windows host - CVE-2026-5173
Exposed Dangerous Method or Function in GitLab - CVE-2026-35488
Tandoor Recipes — CustomIsShared permits DELETE/PUT on Recip - CVE-2026-30957
OneUptime Synthetic Monitor RCE via exposed Playwright brows - CVE-2026-3483
Ivanti Desktop and Server Management 安全漏洞
V. Comments for CVE-2023-50424
No comments yet