Lucene search

[email protected]NVD:CVE-2024-34690

HistoryJun 11, 2024 - 3:15 a.m.

CVE-2024-34690

2024-06-1103:15:11

CWE-862

[email protected]

web.nvd.nist.gov

sap

slcm

authorization

privilege escalation

confidentiality

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

Percentile

14.5%

JSON

SAP Student Life Cycle
Management (SLcM) fails to conduct proper authorization checks for
authenticated users, leading to the potential escalation of privileges. On
successful exploitation it could allow an attacker to access and edit
non-sensitive report variants that are typically restricted, causing minimal
impact on the confidentiality and integrity of the application.

Affected configurations

Nvd

Node

sapstudent_life_cycle_managementMatch618

sapstudent_life_cycle_managementMatch802

sapstudent_life_cycle_managementMatch803

sapstudent_life_cycle_managementMatch804

sapstudent_life_cycle_managementMatch805

sapstudent_life_cycle_managementMatch806

sapstudent_life_cycle_managementMatch807

sapstudent_life_cycle_managementMatch808

sapstudent_life_cycle_managementMatchis-ps-ca_617

VendorProductVersionCPE
sapstudent_life_cycle_management618cpe:2.3:a:sap:student_life_cycle_management:618:*:*:*:*:*:*:*
sapstudent_life_cycle_management802cpe:2.3:a:sap:student_life_cycle_management:802:*:*:*:*:*:*:*
sapstudent_life_cycle_management803cpe:2.3:a:sap:student_life_cycle_management:803:*:*:*:*:*:*:*
sapstudent_life_cycle_management804cpe:2.3:a:sap:student_life_cycle_management:804:*:*:*:*:*:*:*
sapstudent_life_cycle_management805cpe:2.3:a:sap:student_life_cycle_management:805:*:*:*:*:*:*:*
sapstudent_life_cycle_management806cpe:2.3:a:sap:student_life_cycle_management:806:*:*:*:*:*:*:*
sapstudent_life_cycle_management807cpe:2.3:a:sap:student_life_cycle_management:807:*:*:*:*:*:*:*
sapstudent_life_cycle_management808cpe:2.3:a:sap:student_life_cycle_management:808:*:*:*:*:*:*:*
sapstudent_life_cycle_managementis-ps-ca_617cpe:2.3:a:sap:student_life_cycle_management:is-ps-ca_617:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	student_life_cycle_management	618	cpe:2.3:a:sap:student_life_cycle_management:618:::::::*
sap	student_life_cycle_management	802	cpe:2.3:a:sap:student_life_cycle_management:802:::::::*
sap	student_life_cycle_management	803	cpe:2.3:a:sap:student_life_cycle_management:803:::::::*
sap	student_life_cycle_management	804	cpe:2.3:a:sap:student_life_cycle_management:804:::::::*
sap	student_life_cycle_management	805	cpe:2.3:a:sap:student_life_cycle_management:805:::::::*
sap	student_life_cycle_management	806	cpe:2.3:a:sap:student_life_cycle_management:806:::::::*
sap	student_life_cycle_management	807	cpe:2.3:a:sap:student_life_cycle_management:807:::::::*
sap	student_life_cycle_management	808	cpe:2.3:a:sap:student_life_cycle_management:808:::::::*
sap	student_life_cycle_management	is-ps-ca_617	cpe:2.3:a:sap:student_life_cycle_management:is-ps-ca_617:::::::*

References

me.sap.com/notes/3457265

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

Percentile

14.5%

JSON

Related for NVD:CVE-2024-34690

cvelist1 vulnrichment1 cve1