History: Aug 13, 2024 - 5:15 a.m.

CVE-2024-42373

2024-08-13 05:15:13
CWE-862
sap
web.nvd.nist.gov
sap slcm
authorization checks
privilege escalation
report variants
application integrity

CVSS3: 5.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score: 5
Confidence: High

EPSS: 0
Percentile: 14.1%

SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application.

Affected configurations

Nvd

Node (any of the following, OR):
sap  student_life_cycle_management  Match  617
sap  student_life_cycle_management  Match  618
sap  student_life_cycle_management  Match  802
sap  student_life_cycle_management  Match  803
sap  student_life_cycle_management  Match  804
sap  student_life_cycle_management  Match  805
sap  student_life_cycle_management  Match  806
sap  student_life_cycle_management  Match  807
sap  student_life_cycle_management  Match  808

Vendor  Product                        Version  CPE
sap     student_life_cycle_management  617      cpe:2.3:a:sap:student_life_cycle_management:617:*:*:*:*:*:*:*
sap     student_life_cycle_management  618      cpe:2.3:a:sap:student_life_cycle_management:618:*:*:*:*:*:*:*
sap     student_life_cycle_management  802      cpe:2.3:a:sap:student_life_cycle_management:802:*:*:*:*:*:*:*
sap     student_life_cycle_management  803      cpe:2.3:a:sap:student_life_cycle_management:803:*:*:*:*:*:*:*
sap     student_life_cycle_management  804      cpe:2.3:a:sap:student_life_cycle_management:804:*:*:*:*:*:*:*
sap     student_life_cycle_management  805      cpe:2.3:a:sap:student_life_cycle_management:805:*:*:*:*:*:*:*
sap     student_life_cycle_management  806      cpe:2.3:a:sap:student_life_cycle_management:806:*:*:*:*:*:*:*
sap     student_life_cycle_management  807      cpe:2.3:a:sap:student_life_cycle_management:807:*:*:*:*:*:*:*
sap     student_life_cycle_management  808      cpe:2.3:a:sap:student_life_cycle_management:808:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Student Life Cycle Management (SLcM)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "617"
      },
      {
        "status": "affected",
        "version": "618"
      },
      {
        "status": "affected",
        "version": "802"
      },
      {
        "status": "affected",
        "version": "803"
      },
      {
        "status": "affected",
        "version": "804"
      },
      {
        "status": "affected",
        "version": "805"
      },
      {
        "status": "affected",
        "version": "806"
      },
      {
        "status": "affected",
        "version": "807"
      },
      {
        "status": "affected",
        "version": "808"
      }
    ]
  }
]
