Rewterz Threat Advisory – Multiple SAP Business Technology Platform BTP Vulnerabilities

Rewterz Threat Advisory – Multiple SAP Business Objects Vulnerabilities

December 28, 2023

Rewterz Threat Update – Recent Takedown Was Temporary Setback Confirmed by New Qakbot Sightings

December 28, 2023

Rewterz Threat Advisory – Multiple SAP Business Technology Platform BTP Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-49583, CVE-2023-50422, CVE-2023-50423, CVE-2023-50424

SAP Business Technology Platform (BTP) Security Services Integration Libraries could allow a remote attacker to gain elevated privileges on the system, caused by improper permission validation. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

Impact

Privileges Escalation

Indicators Of Compromise

CVE

CVE-2023-49583
CVE-2023-50422
CVE-2023-50423
CVE-2023-50424

Affected Vendors

SAP

Affected Products

SAP cloud-security-services-integration-library 2.16.0
SAP @sap/xssec 3.5.0
SAP cloud-security-client-go 0.16.0
SAP sap-xssec 4.0.0

Remediation

Refer to SAP Website for patch, upgrade or suggested workaround information.

SAP Website

Rewterz Threat Advisory – Multiple SAP Business Objects Vulnerabilities

Rewterz Threat Update – Recent Takedown Was Temporary Setback Confirmed by New Qakbot Sightings

Rewterz Threat Advisory – Multiple SAP Business Technology Platform BTP Vulnerabilities

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan