CVE-2024-34690

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-34690
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application.

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://me.sap.com/notes/3457265 Permissions Required
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:student_life_cycle_management:802:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:803:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:804:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:805:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:806:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:807:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:808:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:618:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:is-ps-ca_617:*:*:*:*:*:*:*
History

09 Aug 2024, 19:25

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.4
CPE cpe:2.3:a:sap:student_life_cycle_management:807:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:806:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:618:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:804:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:803:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:802:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:is-ps-ca_617:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:808:*:*:*:*:*:*:*
cpe:2.3:a:sap:student_life_cycle_management:805:*:*:*:*:*:*:*
First Time Sap
Sap student Life Cycle Management
References () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - Patch, Vendor Advisory
References () https://me.sap.com/notes/3457265 - () https://me.sap.com/notes/3457265 - Permissions Required

11 Jun 2024, 11:15

Type Values Removed Values Added
References
  • {'url': 'https://https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html', 'name': 'https://https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html', 'tags': [], 'refsource': ''}
  • () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html -

11 Jun 2024, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-11 03:15

Updated : 2024-08-09 19:25

NVD link : CVE-2024-34690

Mitre link : CVE-2024-34690

JSON object : View

Products Affected

sap

  • student_life_cycle_management
CWE
CWE-862

Missing Authorization