vulnrichment | Sap | VULNRICHMENT:CVE-2024-34690
History: Jun 11, 2024 - 2:17 a.m.

CVE-2024-34690 Missing Authorization check in SAP Student Life Cycle Management (SLcM)

2024-06-11 02:17:13
CWE-862
sap, github.com, slcm, authorization, vulnerability, cve-2024-34690, escalation of privileges, confidentiality, integrity, exploitation

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score: 7.4 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.1%)

SAP Student Life Cycle Management (SLcM) fails to conduct proper
authorization checks for authenticated users, leading to the potential
escalation of privileges. On successful exploitation, it could allow an
attacker to access and edit non-sensitive report variants that are typically
restricted, causing minimal impact on the confidentiality and integrity of
the application.

CNA Affected

[
  {
    "vendor": "SAP_SE",
    "product": "SAP Student Life Cycle Management",
    "versions": [
      {
        "status": "affected",
        "version": "IS-PS-CA 617"
      },
      {
        "status": "affected",
        "version": "618"
      },
      {
        "status": "affected",
        "version": "802"
      },
      {
        "status": "affected",
        "version": "803"
      },
      {
        "status": "affected",
        "version": "804"
      },
      {
        "status": "affected",
        "version": "805"
      },
      {
        "status": "affected",
        "version": "806"
      },
      {
        "status": "affected",
        "version": "807"
      },
      {
        "status": "affected",
        "version": "808"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
