SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap @sap/xssec |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Nothing under exploit… Is this the calm before the storm?
Patch Tuesday Microsoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge. None of the January CVEs are under active exploit, according to Redmond. Of the two critical vulnerabilities, CVE-2024-20674 received the highest CVSS rating. It's a 9.0-rated security feature bypass bug in Windows Kerberos. "An unauthenticated attacker could exploit this vuln...