Lucene search

[email protected]NVD:CVE-2024-42373

HistoryAug 13, 2024 - 5:15 a.m.

CVE-2024-42373

2024-08-1305:15:13

CWE-862

[email protected]

web.nvd.nist.gov

sap

slcm

authorization

vulnerability

privilege escalation

application security

exploitation

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

EPSS

Percentile

14.1%

JSON

SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application.

Affected configurations

Nvd

Node

sapstudent_life_cycle_managementMatch617

sapstudent_life_cycle_managementMatch618

sapstudent_life_cycle_managementMatch802

sapstudent_life_cycle_managementMatch803

sapstudent_life_cycle_managementMatch804

sapstudent_life_cycle_managementMatch805

sapstudent_life_cycle_managementMatch806

sapstudent_life_cycle_managementMatch807

sapstudent_life_cycle_managementMatch808

VendorProductVersionCPE
sapstudent_life_cycle_management617cpe:2.3:a:sap:student_life_cycle_management:617:*:*:*:*:*:*:*
sapstudent_life_cycle_management618cpe:2.3:a:sap:student_life_cycle_management:618:*:*:*:*:*:*:*
sapstudent_life_cycle_management802cpe:2.3:a:sap:student_life_cycle_management:802:*:*:*:*:*:*:*
sapstudent_life_cycle_management803cpe:2.3:a:sap:student_life_cycle_management:803:*:*:*:*:*:*:*
sapstudent_life_cycle_management804cpe:2.3:a:sap:student_life_cycle_management:804:*:*:*:*:*:*:*
sapstudent_life_cycle_management805cpe:2.3:a:sap:student_life_cycle_management:805:*:*:*:*:*:*:*
sapstudent_life_cycle_management806cpe:2.3:a:sap:student_life_cycle_management:806:*:*:*:*:*:*:*
sapstudent_life_cycle_management807cpe:2.3:a:sap:student_life_cycle_management:807:*:*:*:*:*:*:*
sapstudent_life_cycle_management808cpe:2.3:a:sap:student_life_cycle_management:808:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	student_life_cycle_management	617	cpe:2.3:a:sap:student_life_cycle_management:617:::::::*
sap	student_life_cycle_management	618	cpe:2.3:a:sap:student_life_cycle_management:618:::::::*
sap	student_life_cycle_management	802	cpe:2.3:a:sap:student_life_cycle_management:802:::::::*
sap	student_life_cycle_management	803	cpe:2.3:a:sap:student_life_cycle_management:803:::::::*
sap	student_life_cycle_management	804	cpe:2.3:a:sap:student_life_cycle_management:804:::::::*
sap	student_life_cycle_management	805	cpe:2.3:a:sap:student_life_cycle_management:805:::::::*
sap	student_life_cycle_management	806	cpe:2.3:a:sap:student_life_cycle_management:806:::::::*
sap	student_life_cycle_management	807	cpe:2.3:a:sap:student_life_cycle_management:807:::::::*
sap	student_life_cycle_management	808	cpe:2.3:a:sap:student_life_cycle_management:808:::::::*

References

me.sap.com/notes/3479293

url.sap/sapsecuritypatchday

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

EPSS

Percentile

14.1%

JSON

Related for NVD:CVE-2024-42373

vulnrichment1 cve1 cvelist1