FKIE_CVE-2024-34690

Vulnerability from fkie_nvd - Published: 2024-06-11 03:15 - Updated: 2024-11-21 09:19
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application.
References
cna@sap.comhttps://me.sap.com/notes/3457265Permissions Required
cna@sap.comhttps://support.sap.com/en/my-support/knowledge-base/security-notes-news.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://me.sap.com/notes/3457265Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://support.sap.com/en/my-support/knowledge-base/security-notes-news.htmlPatch, Vendor Advisory
Impacted products
Vendor Product Version
sap student_life_cycle_management 618
sap student_life_cycle_management 802
sap student_life_cycle_management 803
sap student_life_cycle_management 804
sap student_life_cycle_management 805
sap student_life_cycle_management 806
sap student_life_cycle_management 807
sap student_life_cycle_management 808
sap student_life_cycle_management is-ps-ca_617
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:618:*:*:*:*:*:*:*",
              "matchCriteriaId": "9630E381-1579-4D71-B49D-1079A31E3A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:802:*:*:*:*:*:*:*",
              "matchCriteriaId": "B60BA131-5DA5-409F-806A-641A7BBB9D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:803:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CE9F776-1B68-4ABA-850E-44DB58C2F616",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:804:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA4A7443-E21B-4EAE-A4EC-E3B9A8908FBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:805:*:*:*:*:*:*:*",
              "matchCriteriaId": "6025F055-0E0E-41A3-BE2D-95229710FB1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:806:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C49CAC0-C207-4BC6-AE05-65645B54011C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:807:*:*:*:*:*:*:*",
              "matchCriteriaId": "463C241E-928C-4FE8-993D-F09E6F4EEC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:808:*:*:*:*:*:*:*",
              "matchCriteriaId": "F34FAC4C-4E0A-4E80-8276-E7DA12EC5BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:is-ps-ca_617:*:*:*:*:*:*:*",
              "matchCriteriaId": "005E1FB2-68EC-47A8-9B01-1D4F90ED70E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SAP Student Life Cycle\nManagement (SLcM) fails to conduct proper authorization checks for\nauthenticated users, leading to the potential escalation of privileges. On\nsuccessful exploitation it could allow an attacker to access and edit\nnon-sensitive report variants that are typically restricted, causing minimal\nimpact on the confidentiality and integrity of the application."
    },
    {
      "lang": "es",
      "value": "SAP Student Life Cycle Management (SLcM) no realiza comprobaciones de autorizaci\u00f3n adecuadas para los usuarios autenticados, lo que genera una posible escalada de privilegios. Si se explota con \u00e9xito, podr\u00eda permitir a un atacante acceder y editar variantes de informes no confidenciales que normalmente est\u00e1n restringidas, causando un impacto m\u00ednimo en la confidencialidad e integridad de la aplicaci\u00f3n."
    }
  ],
  "id": "CVE-2024-34690",
  "lastModified": "2024-11-21T09:19:12.217",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "cna@sap.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-11T03:15:11.547",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://me.sap.com/notes/3457265"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://me.sap.com/notes/3457265"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "cna@sap.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.