CVE-2024-34690

SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:student_life_cycle_management:618:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:802:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:803:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:804:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:805:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:806:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:807:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:808:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:is-ps-ca_617:*:*:*:*:*:*:*

History

21 Nov 2024, 09:19

Type Values Removed Values Added
References () https://me.sap.com/notes/3457265 - Permissions Required () https://me.sap.com/notes/3457265 - Permissions Required
References () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - Patch, Vendor Advisory () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - Patch, Vendor Advisory

09 Aug 2024, 19:25

Type Values Removed Values Added
References () https://me.sap.com/notes/3457265 - () https://me.sap.com/notes/3457265 - Permissions Required
References () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - Patch, Vendor Advisory
CPE cpe:2.3:a:sap:student_life_cycle_management:808:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:805:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:804:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:806:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:802:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:618:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:807:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:803:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:is-ps-ca_617:*:*:*:*:*:*:*
First Time Sap
Sap student Life Cycle Management

11 Jun 2024, 13:54

Type Values Removed Values Added
Summary
  • (es) SAP Student Life Cycle Management (SLcM) no realiza comprobaciones de autorización adecuadas para los usuarios autenticados, lo que genera una posible escalada de privilegios. Si se explota con éxito, podría permitir a un atacante acceder y editar variantes de informes no confidenciales que normalmente están restringidas, causando un impacto mínimo en la confidencialidad e integridad de la aplicación.

11 Jun 2024, 11:15

Type Values Removed Values Added
References
  • {'url': 'https://https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html', 'source': 'cna@sap.com'}
  • () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html -

11 Jun 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-11 03:15

Updated : 2024-11-21 09:19


NVD link : CVE-2024-34690

Mitre link : CVE-2024-34690

CVE.ORG link : CVE-2024-34690


JSON object : View

Products Affected

sap

  • student_life_cycle_management
CWE
CWE-862

Missing Authorization