We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE

PUBLISHED

CVE-2024-34690

Missing Authorization check in SAP Student Life Cycle Management (SLcM)

Assigner	sap
Reserved	2024-05-07
Published	2024-06-11
Updated	2024-06-11

Description

SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application.

MEDIUM: 5.4

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status

unaffected

IS-PS-CA 617

affected

618

affected

802

affected

803

affected

804

affected

805

affected

806

affected

807

affected

808

affected

References

https://me.sap.com/notes/3457265

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

cve.org CVE-2024-34690

nvd.nist.gov CVE-2024-34690

Download JSON

https://cve.threatint.com/CVE/CVE-2024-34690

Find us on

Data Privacy
Terms of Use

© Copyright 2024 THREATINT. Made in Cyprus with ❤ + ☼