Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-42373

SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application.

Published

2024-08-13T05:15:13.800

Last Modified

2024-09-12T13:26:37.753

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	student_life_cycle_management	617	Yes
Application	sap	student_life_cycle_management	618	Yes
Application	sap	student_life_cycle_management	802	Yes
Application	sap	student_life_cycle_management	803	Yes
Application	sap	student_life_cycle_management	804	Yes
Application	sap	student_life_cycle_management	805	Yes
Application	sap	student_life_cycle_management	806	Yes
Application	sap	student_life_cycle_management	807	Yes
Application	sap	student_life_cycle_management	808	Yes

References

https://me.sap.com/notes/3479293 Permissions Required ([email protected])
https://url.sap/sapsecuritypatchday Vendor Advisory ([email protected])