Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

3413475 – [Multiple CVEs] Escalation of Privileges in SAP Edge Integration Cell

Symptom

Under specific conditions, SAP Edge Integration Cell, integrated with SAP BTP Security Services and reliant on various programming infrastructures, exhibits a critical vulnerability. This vulnerability, identified as CVE-2023-49583 and CVE-2023-50422, allows for an escalation of privileges. Successful exploitation by an unauthenticated attacker could lead to obtaining arbitrary permissions within the application.

Other Terms: CVE-2023-49583, CVE-2023-50422, SAP BTP Security Services Integration Libraries, privilege escalation, XSUAA, IAS, EIC, SAP Integration Suite.

Reason and Prerequisites

The vulnerability impacts SAP Edge Integration Cell versions up to and including 8.9.12.

Solution

This vulnerability has been addressed in SAP Edge Integration Cell version 8.9.13. Users are strongly advised to update their Edge Integration Cell solution to this latest version to mitigate the risk.

For step-by-step instructions on upgrading, refer to the SAP Upgrade Guide.

Workaround

There is no available workaround for this vulnerability.

CVSS Scores

  • CVSS v3.0 Base Score: 9.1 / 10
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality Impact (C): High (H)
  • Integrity Impact (I): High (H)
  • Availability Impact (A): None (N)

Explore More

SAP Security Training

Discover vulnerabilities through the eyes of an attacker In today’s digital landscape, SAP systems form the backbone of critical business operations for

SAP Security Patch Day RedRays

SAP Security Patch Day – May 2025

On May 13, 2025, SAP released its monthly Security Patch Day updates, addressing 18 new vulnerabilities across various SAP products and components.

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.