Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-59c9-pxq8-9c73

GitHub Security Advisory

Improper JWT Signature Validation in SAP Security Services Library

✓ GitHub Reviewed CRITICAL Has CVE
View on GitHub

Advisory Details

### Impact
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

### Patches
Upgrade to patched version >= 2.17.0 or >= 3.3.0
We always recommend to upgrade to the latest released version.

### Workarounds
No workarounds

### References
https://www.cve.org/CVERecord?id=CVE-2023-50422

Affected Packages

Maven com.sap.cloud.security:java-security
Affected versions: 0 (fixed in 2.17.0)
Maven com.sap.cloud.security:java-security
Affected versions: 3.0.0 (fixed in 3.3.0)
Maven com.sap.cloud.security:spring-security
Affected versions: 0 (fixed in 2.17.0)
Maven com.sap.cloud.security:spring-security
Affected versions: 3.0.0 (fixed in 3.3.0)
Maven com.sap.cloud.security.xsuaa:spring-xsuaa
Affected versions: 0 (fixed in 2.17.0)
Maven com.sap.cloud.security.xsuaa:spring-xsuaa
Affected versions: 3.0.0 (fixed in 3.3.0)

Related CVEs

CVE-2023-50422

Key Information

GHSA ID
GHSA-59c9-pxq8-9c73
Published
December 13, 2023 1:33 PM
Last Modified
September 30, 2024 7:44 PM
CVSS Score
9.0 /10
Primary Ecosystem
Maven
Primary Package
com.sap.cloud.security:java-security
GitHub Reviewed
✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.