← Back

CVE-2024-34690

nvd nist
Published: Jun 11, 2024Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.5
Source: NVD

Description

SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application.

Affected (9)

Sap
1 product
Student Life Cycle Management
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Student Life Cycle Management
Version 618
Student Life Cycle Management
Version 802
Student Life Cycle Management
Version 803
Student Life Cycle Management
Version 804
Student Life Cycle Management
Version 805
Student Life Cycle Management
Version 806
Student Life Cycle Management
Version 807
Student Life Cycle Management
Version 808
Student Life Cycle Management
Version is-ps-ca_617

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.