THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-34690

Missing Authorization check in SAP Student Life Cycle Management (SLcM)

Assigner:sap (e4686d1a-f260-4930-ac4c-2f5c992778dd)
Reserved:2024-05-07
Published:2024-06-11
Updated:2024-06-11

Description

SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application.



MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status
unaffected

IS-PS-CA 617
affected

618
affected

802
affected

803
affected

804
affected

805
affected

806
affected

807
affected

808
affected

References

https://me.sap.com/notes/3457265

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

cve.org CVE-2024-34690

nvd.nist.gov CVE-2024-34690

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-34690