Search criteria
2 vulnerabilities found for SAP Student Life Cycle Management by SAP_SE
CVE-2024-34690 (GCVE-0-2024-34690)
Vulnerability from cvelistv5 – Published: 2024-06-11 02:17 – Updated: 2024-08-02 02:59
VLAI?
Title
Missing Authorization check in SAP Student Life Cycle Management (SLcM)
Summary
SAP Student Life Cycle
Management (SLcM) fails to conduct proper authorization checks for
authenticated users, leading to the potential escalation of privileges. On
successful exploitation it could allow an attacker to access and edit
non-sensitive report variants that are typically restricted, causing minimal
impact on the confidentiality and integrity of the application.
Severity ?
5.4 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP Student Life Cycle Management |
Affected:
IS-PS-CA 617
Affected: 618 Affected: 802 Affected: 803 Affected: 804 Affected: 805 Affected: 806 Affected: 807 Affected: 808 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:23:21.338497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T14:23:56.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:21.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://me.sap.com/notes/3457265"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Student Life Cycle Management",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "IS-PS-CA 617"
},
{
"status": "affected",
"version": "618"
},
{
"status": "affected",
"version": "802"
},
{
"status": "affected",
"version": "803"
},
{
"status": "affected",
"version": "804"
},
{
"status": "affected",
"version": "805"
},
{
"status": "affected",
"version": "806"
},
{
"status": "affected",
"version": "807"
},
{
"status": "affected",
"version": "808"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SAP Student Life Cycle\nManagement (SLcM) fails to conduct proper authorization checks for\nauthenticated users, leading to the potential escalation of privileges. On\nsuccessful exploitation it could allow an attacker to access and edit\nnon-sensitive report variants that are typically restricted, causing minimal\nimpact on the confidentiality and integrity of the application."
}
],
"value": "SAP Student Life Cycle\nManagement (SLcM) fails to conduct proper authorization checks for\nauthenticated users, leading to the potential escalation of privileges. On\nsuccessful exploitation it could allow an attacker to access and edit\nnon-sensitive report variants that are typically restricted, causing minimal\nimpact on the confidentiality and integrity of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T10:13:28.806Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3457265"
},
{
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP Student Life Cycle Management (SLcM)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-34690",
"datePublished": "2024-06-11T02:17:13.787Z",
"dateReserved": "2024-05-07T05:46:11.658Z",
"dateUpdated": "2024-08-02T02:59:21.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34690 (GCVE-0-2024-34690)
Vulnerability from nvd – Published: 2024-06-11 02:17 – Updated: 2024-08-02 02:59
VLAI?
Title
Missing Authorization check in SAP Student Life Cycle Management (SLcM)
Summary
SAP Student Life Cycle
Management (SLcM) fails to conduct proper authorization checks for
authenticated users, leading to the potential escalation of privileges. On
successful exploitation it could allow an attacker to access and edit
non-sensitive report variants that are typically restricted, causing minimal
impact on the confidentiality and integrity of the application.
Severity ?
5.4 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP Student Life Cycle Management |
Affected:
IS-PS-CA 617
Affected: 618 Affected: 802 Affected: 803 Affected: 804 Affected: 805 Affected: 806 Affected: 807 Affected: 808 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:23:21.338497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T14:23:56.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:21.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://me.sap.com/notes/3457265"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Student Life Cycle Management",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "IS-PS-CA 617"
},
{
"status": "affected",
"version": "618"
},
{
"status": "affected",
"version": "802"
},
{
"status": "affected",
"version": "803"
},
{
"status": "affected",
"version": "804"
},
{
"status": "affected",
"version": "805"
},
{
"status": "affected",
"version": "806"
},
{
"status": "affected",
"version": "807"
},
{
"status": "affected",
"version": "808"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SAP Student Life Cycle\nManagement (SLcM) fails to conduct proper authorization checks for\nauthenticated users, leading to the potential escalation of privileges. On\nsuccessful exploitation it could allow an attacker to access and edit\nnon-sensitive report variants that are typically restricted, causing minimal\nimpact on the confidentiality and integrity of the application."
}
],
"value": "SAP Student Life Cycle\nManagement (SLcM) fails to conduct proper authorization checks for\nauthenticated users, leading to the potential escalation of privileges. On\nsuccessful exploitation it could allow an attacker to access and edit\nnon-sensitive report variants that are typically restricted, causing minimal\nimpact on the confidentiality and integrity of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T10:13:28.806Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3457265"
},
{
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP Student Life Cycle Management (SLcM)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-34690",
"datePublished": "2024-06-11T02:17:13.787Z",
"dateReserved": "2024-05-07T05:46:11.658Z",
"dateUpdated": "2024-08-02T02:59:21.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}