Skip links

3413475 – [Multiple CVEs] Escalation of Privileges in SAP Edge Integration Cell

Symptom

Under specific conditions, SAP Edge Integration Cell, integrated with SAP BTP Security Services and reliant on various programming infrastructures, exhibits a critical vulnerability. This vulnerability, identified as CVE-2023-49583 and CVE-2023-50422, allows for an escalation of privileges. Successful exploitation by an unauthenticated attacker could lead to obtaining arbitrary permissions within the application.

Other Terms: CVE-2023-49583, CVE-2023-50422, SAP BTP Security Services Integration Libraries, privilege escalation, XSUAA, IAS, EIC, SAP Integration Suite.

Reason and Prerequisites

The vulnerability impacts SAP Edge Integration Cell versions up to and including 8.9.12.

Solution

This vulnerability has been addressed in SAP Edge Integration Cell version 8.9.13. Users are strongly advised to update their Edge Integration Cell solution to this latest version to mitigate the risk.

For step-by-step instructions on upgrading, refer to the SAP Upgrade Guide.

Workaround

There is no available workaround for this vulnerability.

CVSS Scores

  • CVSS v3.0 Base Score: 9.1 / 10
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality Impact (C): High (H)
  • Integrity Impact (I): High (H)
  • Availability Impact (A): None (N)

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies