Rewterz

Rewterz Threat Advisory – Multiple SAP Business Objects Vulnerabilities

December 28, 2023
Rewterz

Rewterz Threat Update – Recent Takedown Was Temporary Setback Confirmed by New Qakbot Sightings

December 28, 2023

Rewterz Threat Advisory – Multiple SAP Business Technology Platform BTP Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-49583, CVE-2023-50422, CVE-2023-50423, CVE-2023-50424 

SAP Business Technology Platform (BTP) Security Services Integration Libraries could allow a remote attacker to gain elevated privileges on the system, caused by improper permission validation. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

Impact

  • Privileges Escalation

Indicators Of Compromise

CVE

  • CVE-2023-49583
  • CVE-2023-50422
  • CVE-2023-50423
  • CVE-2023-50424

Affected Vendors

SAP

Affected Products

  • SAP cloud-security-services-integration-library 2.16.0
  • SAP @sap/xssec 3.5.0
  • SAP cloud-security-client-go 0.16.0
  • SAP sap-xssec 4.0.0

Remediation

Refer to SAP Website for patch, upgrade or suggested workaround information.

SAP Website

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.