SAP BTP Security Services Integration Library ([Python] sap-xssec) allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

### Patches
Upgrade to patched version >= 4.1.0
We always recommend to upgrade to the latest released version.

### Workarounds
No workarounds

### References
https://www.cve.org/CVERecord?id=CVE-2023-50423

Affected Packages

PyPI sap-xssec

Affected versions: 0 (fixed in 4.1.0)

Related CVEs

CVE-2023-50423

Key Information

GHSA ID

GHSA-6mjg-37cp-42x5

Published

December 13, 2023 1:34 PM

Last Modified

September 30, 2024 7:44 PM

CVSS Score

9.0 /10

Primary Ecosystem

PyPI

Primary Package

sap-xssec

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.