{"url":"http://public2.vulnerablecode.io/api/packages/68134?format=json","purl":"pkg:maven/com.sap.cloud.security/java-security@3.0.0","type":"maven","namespace":"com.sap.cloud.security","name":"java-security","version":"3.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.3.0","latest_non_vulnerable_version":"3.3.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46625?format=json","vulnerability_id":"VCID-7zhg-cv8f-2qht","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067"},{"reference_url":"https://en.wikipedia.org/wiki/JSON_Web_Token","reference_id":"","reference_type":"","scores":[],"url":"https://en.wikipedia.org/wiki/JSON_Web_Token"},{"reference_url":"https://github.com/SAP/cloud-security-services-integration-library","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/SAP/cloud-security-services-integration-library"},{"reference_url":"https://github.com/SAP/cloud-security-services-integration-library/commit/4b3e42ab23df6418243b29908b1a2582818d9360","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/SAP/cloud-security-services-integration-library/commit/4b3e42ab23df6418243b29908b1a2582818d9360"},{"reference_url":"https://github.com/SAP/cloud-security-services-integration-library/commit/7ce9601979c30ae269a1cbaf7cf33486d10736f1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/SAP/cloud-security-services-integration-library/commit/7ce9601979c30ae269a1cbaf7cf33486d10736f1"},{"reference_url":"https://me.sap.com/notes/3411067","reference_id":"","reference_type":"","scores":[],"url":"https://me.sap.com/notes/3411067"},{"reference_url":"https://me.sap.com/notes/3413475","reference_id":"","reference_type":"","scores":[],"url":"https://me.sap.com/notes/3413475"},{"reference_url":"https://mvnrepository.com/artifact/com.sap.cloud.security/java-security","reference_id":"","reference_type":"","scores":[],"url":"https://mvnrepository.com/artifact/com.sap.cloud.security/java-security"},{"reference_url":"https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security","reference_id":"","reference_type":"","scores":[],"url":"https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security"},{"reference_url":"https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa","reference_id":"","reference_type":"","scores":[],"url":"https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa"},{"reference_url":"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50422","reference_id":"CVE-2023-50422","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50422"},{"reference_url":"https://github.com/advisories/GHSA-59c9-pxq8-9c73","reference_id":"GHSA-59c9-pxq8-9c73","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-59c9-pxq8-9c73"},{"reference_url":"https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73","reference_id":"GHSA-59c9-pxq8-9c73","reference_type":"","scores":[],"url":"https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68136?format=json","purl":"pkg:maven/com.sap.cloud.security/java-security@3.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/java-security@3.3.0"}],"aliases":["CVE-2023-50422","GHSA-59c9-pxq8-9c73","GMS-2023-6079","GMS-2023-6080","GMS-2023-6081"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7zhg-cv8f-2qht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46616?format=json","vulnerability_id":"VCID-wnps-h7xk-suh5","summary":"Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-59c9-pxq8-9c73. This link is maintained to preserve external references.\n\n## Original Description\nSAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.","references":[{"reference_url":"https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067"},{"reference_url":"https://github.com/SAP/cloud-security-services-integration-library","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/SAP/cloud-security-services-integration-library"},{"reference_url":"https://me.sap.com/notes/3411067","reference_id":"","reference_type":"","scores":[],"url":"https://me.sap.com/notes/3411067"},{"reference_url":"https://me.sap.com/notes/3413475","reference_id":"","reference_type":"","scores":[],"url":"https://me.sap.com/notes/3413475"},{"reference_url":"https://mvnrepository.com/artifact/com.sap.cloud.security/java-security","reference_id":"","reference_type":"","scores":[],"url":"https://mvnrepository.com/artifact/com.sap.cloud.security/java-security"},{"reference_url":"https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security","reference_id":"","reference_type":"","scores":[],"url":"https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security"},{"reference_url":"https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa","reference_id":"","reference_type":"","scores":[],"url":"https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa"},{"reference_url":"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50422","reference_id":"CVE-2023-50422","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50422"},{"reference_url":"https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73","reference_id":"GHSA-59c9-pxq8-9c73","reference_type":"","scores":[],"url":"https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73"},{"reference_url":"https://github.com/advisories/GHSA-gcgw-q47m-prvj","reference_id":"GHSA-gcgw-q47m-prvj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gcgw-q47m-prvj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68136?format=json","purl":"pkg:maven/com.sap.cloud.security/java-security@3.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/java-security@3.3.0"}],"aliases":["GHSA-gcgw-q47m-prvj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wnps-h7xk-suh5"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/java-security@3.0.0"}