Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-34690

SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application.

Published

2024-06-11T03:15:11.547

Last Modified

2024-11-21T09:19:12.217

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	student_life_cycle_management	618	Yes
Application	sap	student_life_cycle_management	802	Yes
Application	sap	student_life_cycle_management	803	Yes
Application	sap	student_life_cycle_management	804	Yes
Application	sap	student_life_cycle_management	805	Yes
Application	sap	student_life_cycle_management	806	Yes
Application	sap	student_life_cycle_management	807	Yes
Application	sap	student_life_cycle_management	808	Yes
Application	sap	student_life_cycle_management	is-ps-ca_617	Yes

References

https://me.sap.com/notes/3457265 Permissions Required ([email protected])
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html Patch, Vendor Advisory ([email protected])
https://me.sap.com/notes/3457265 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)