Vulnerability Information
Vulnerability Title
Possibility to elevate privileges or get unauthorized access to data
Vulnerability Description
@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This issue affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and have enabled caching of destinations. In affected versions, in some cases when user information was missing, destinations were cached without user information, allowing other users to retrieve the same destination with its permissions. By default, destination caching is disabled. The security for caching has been increased, and the changes are released in version 1.52.0. Users unable to upgrade are advised to disable destination caching (it is disabled by default).
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Information Exposure
Vulnerability Title
SAP Business Technology Platform Information Disclosure Vulnerability
Vulnerability Description
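SAP Business Technology Platform is a business technology platform from the German company SAP that brings intelligent enterprise applications with database and data management, analytics, integration and extension capabilities together in a single platform for cloud and hybrid environments, including hundreds of pre-built integrations for SAP and third-party applications. SAP Business Technology Platform has an information disclosure vulnerability. The vulnerability arises because, in affected versions and in some cases, when user information is missing, destinations are cached without user information, allowing other users to retrieve the same destination with its permissions.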
CVSS Information
N/A
Vulnerability Type
N/A