CVE-2023-50423 CRITICAL

CVE-2023-50423: Escalation of Privileges in SAP BTP Security Services Integration Library ([Python] cloud-pysec)

Vendor Sap_Se

Product sap-xssec

Weakness CWE-749

Published December 12, 2023

Last update February 25, 2026

View on NVD All CVEs

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

Description

SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

Key dates

Disclosure timeline

December 12, 2023 CVE published

February 25, 2026 Record updated