SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3479293 | Permissions Required |
https://url.sap/sapsecuritypatchday | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Sep 2024, 13:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://me.sap.com/notes/3479293 - Permissions Required | |
References | () https://url.sap/sapsecuritypatchday - Vendor Advisory | |
First Time |
Sap
Sap student Life Cycle Management |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CPE | cpe:2.3:a:sap:student_life_cycle_management:804:*:*:*:*:*:*:* cpe:2.3:a:sap:student_life_cycle_management:807:*:*:*:*:*:*:* cpe:2.3:a:sap:student_life_cycle_management:802:*:*:*:*:*:*:* cpe:2.3:a:sap:student_life_cycle_management:806:*:*:*:*:*:*:* cpe:2.3:a:sap:student_life_cycle_management:803:*:*:*:*:*:*:* cpe:2.3:a:sap:student_life_cycle_management:805:*:*:*:*:*:*:* cpe:2.3:a:sap:student_life_cycle_management:617:*:*:*:*:*:*:* cpe:2.3:a:sap:student_life_cycle_management:808:*:*:*:*:*:*:* cpe:2.3:a:sap:student_life_cycle_management:618:*:*:*:*:*:*:* |
|
Summary |
|
13 Aug 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-13 05:15
Updated : 2024-09-12 13:26
NVD link : CVE-2024-42373
Mitre link : CVE-2024-42373
CVE.ORG link : CVE-2024-42373
JSON object : View
Products Affected
sap
- student_life_cycle_management
CWE
CWE-862
Missing Authorization