CVE-2024-42373

Published: Aug 13, 2024Modified: Sep 12, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application.

Affected (9)

Products: Sap: Student Life Cycle Management

Sap

1 product

Student Life Cycle Management

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Sap Student Life Cycle Management	Version 617
Sap Student Life Cycle Management	Version 618
Sap Student Life Cycle Management	Version 802
Sap Student Life Cycle Management	Version 803
Sap Student Life Cycle Management	Version 804
Sap Student Life Cycle Management	Version 805
Sap Student Life Cycle Management	Version 806
Sap Student Life Cycle Management	Version 807
Sap Student Life Cycle Management	Version 808

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://me.sap.com/notes/3479293

Source: cna@sap.com

Permissions Required

https://url.sap/sapsecuritypatchday

Source: cna@sap.com

Vendor Advisory

Timeline

No history available yet.