SAP Student Life Cycle
Management (SLcM) fails to conduct proper authorization checks for
authenticated users, leading to the potential escalation of privileges. On
successful exploitation it could allow an attacker to access and edit
non-sensitive report variants that are typically restricted, causing minimal
impact on the confidentiality and integrity of the application.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3457265 | Permissions Required |
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html | Patch Vendor Advisory |
https://me.sap.com/notes/3457265 | Permissions Required |
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://me.sap.com/notes/3457265 - Permissions Required | |
References | () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - Patch, Vendor Advisory |
09 Aug 2024, 19:25
Type | Values Removed | Values Added |
---|---|---|
References | () https://me.sap.com/notes/3457265 - Permissions Required | |
References | () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:sap:student_life_cycle_management:808:*:*:*:*:*:*:* cpe:2.3:a:sap:student_life_cycle_management:805:*:*:*:*:*:*:* cpe:2.3:a:sap:student_life_cycle_management:804:*:*:*:*:*:*:* cpe:2.3:a:sap:student_life_cycle_management:806:*:*:*:*:*:*:* cpe:2.3:a:sap:student_life_cycle_management:802:*:*:*:*:*:*:* cpe:2.3:a:sap:student_life_cycle_management:618:*:*:*:*:*:*:* cpe:2.3:a:sap:student_life_cycle_management:807:*:*:*:*:*:*:* cpe:2.3:a:sap:student_life_cycle_management:803:*:*:*:*:*:*:* cpe:2.3:a:sap:student_life_cycle_management:is-ps-ca_617:*:*:*:*:*:*:* |
|
First Time |
Sap
Sap student Life Cycle Management |
11 Jun 2024, 13:54
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Jun 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
11 Jun 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-11 03:15
Updated : 2024-11-21 09:19
NVD link : CVE-2024-34690
Mitre link : CVE-2024-34690
CVE.ORG link : CVE-2024-34690
JSON object : View
Products Affected
sap
- student_life_cycle_management
CWE
CWE-862
Missing Authorization