Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

3413475 – [Multiple CVEs] Escalation of Privileges in SAP Edge Integration Cell

Symptom

Under specific conditions, SAP Edge Integration Cell, integrated with SAP BTP Security Services and reliant on various programming infrastructures, exhibits a critical vulnerability. This vulnerability, identified as CVE-2023-49583 and CVE-2023-50422, allows for an escalation of privileges. Successful exploitation by an unauthenticated attacker could lead to obtaining arbitrary permissions within the application.

Other Terms: CVE-2023-49583, CVE-2023-50422, SAP BTP Security Services Integration Libraries, privilege escalation, XSUAA, IAS, EIC, SAP Integration Suite.

Reason and Prerequisites

The vulnerability impacts SAP Edge Integration Cell versions up to and including 8.9.12.

Solution

This vulnerability has been addressed in SAP Edge Integration Cell version 8.9.13. Users are strongly advised to update their Edge Integration Cell solution to this latest version to mitigate the risk.

For step-by-step instructions on upgrading, refer to the SAP Upgrade Guide.

Workaround

There is no available workaround for this vulnerability.

CVSS Scores

  • CVSS v3.0 Base Score: 9.1 / 10
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality Impact (C): High (H)
  • Integrity Impact (I): High (H)
  • Availability Impact (A): None (N)

More to explorer

SAP Cloud Connector Certificate Validation Issue

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,

Protect Your SAP with RedRays Security Platform

Explore the Power of Our Scanner with an Interactive Prototype Below