{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46625?format=json","vulnerability_id":"VCID-7zhg-cv8f-2qht","summary":"Duplicate\nThis advisory duplicates another.","aliases":[{"alias":"CVE-2023-50422"},{"alias":"GHSA-59c9-pxq8-9c73"},{"alias":"GMS-2023-6079"},{"alias":"GMS-2023-6080"},{"alias":"GMS-2023-6081"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68135?format=json","purl":"pkg:maven/com.sap.cloud.security/java-security@2.17.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/java-security@2.17.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68136?format=json","purl":"pkg:maven/com.sap.cloud.security/java-security@3.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/java-security@3.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68138?format=json","purl":"pkg:maven/com.sap.cloud.security/spring-security@2.17.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/spring-security@2.17.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68139?format=json","purl":"pkg:maven/com.sap.cloud.security/spring-security@3.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/spring-security@3.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68125?format=json","purl":"pkg:maven/com.sap.cloud.security.xsuaa/spring-xsuaa@2.17.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security.xsuaa/spring-xsuaa@2.17.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68126?format=json","purl":"pkg:maven/com.sap.cloud.security.xsuaa/spring-xsuaa@3.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security.xsuaa/spring-xsuaa@3.3.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68134?format=json","purl":"pkg:maven/com.sap.cloud.security/java-security@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7zhg-cv8f-2qht"},{"vulnerability":"VCID-wnps-h7xk-suh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/java-security@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68137?format=json","purl":"pkg:maven/com.sap.cloud.security/spring-security@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7zhg-cv8f-2qht"},{"vulnerability":"VCID-wnps-h7xk-suh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/spring-security@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68124?format=json","purl":"pkg:maven/com.sap.cloud.security.xsuaa/spring-xsuaa@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7zhg-cv8f-2qht"},{"vulnerability":"VCID-wnps-h7xk-suh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security.xsuaa/spring-xsuaa@3.0.0"}],"references":[{"reference_url":"https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067"},{"reference_url":"https://en.wikipedia.org/wiki/JSON_Web_Token","reference_id":"","reference_type":"","scores":[],"url":"https://en.wikipedia.org/wiki/JSON_Web_Token"},{"reference_url":"https://github.com/SAP/cloud-security-services-integration-library","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/SAP/cloud-security-services-integration-library"},{"reference_url":"https://github.com/SAP/cloud-security-services-integration-library/commit/4b3e42ab23df6418243b29908b1a2582818d9360","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/SAP/cloud-security-services-integration-library/commit/4b3e42ab23df6418243b29908b1a2582818d9360"},{"reference_url":"https://github.com/SAP/cloud-security-services-integration-library/commit/7ce9601979c30ae269a1cbaf7cf33486d10736f1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/SAP/cloud-security-services-integration-library/commit/7ce9601979c30ae269a1cbaf7cf33486d10736f1"},{"reference_url":"https://me.sap.com/notes/3411067","reference_id":"","reference_type":"","scores":[],"url":"https://me.sap.com/notes/3411067"},{"reference_url":"https://me.sap.com/notes/3413475","reference_id":"","reference_type":"","scores":[],"url":"https://me.sap.com/notes/3413475"},{"reference_url":"https://mvnrepository.com/artifact/com.sap.cloud.security/java-security","reference_id":"","reference_type":"","scores":[],"url":"https://mvnrepository.com/artifact/com.sap.cloud.security/java-security"},{"reference_url":"https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security","reference_id":"","reference_type":"","scores":[],"url":"https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security"},{"reference_url":"https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa","reference_id":"","reference_type":"","scores":[],"url":"https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa"},{"reference_url":"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50422","reference_id":"CVE-2023-50422","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50422"},{"reference_url":"https://github.com/advisories/GHSA-59c9-pxq8-9c73","reference_id":"GHSA-59c9-pxq8-9c73","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-59c9-pxq8-9c73"},{"reference_url":"https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73","reference_id":"GHSA-59c9-pxq8-9c73","reference_type":"","scores":[],"url":"https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":269,"name":"Improper Privilege Management","description":"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7zhg-cv8f-2qht"}