fkie_cve-2024-34690
Vulnerability from fkie_nvd
Published
2024-06-11 03:15
Modified
2024-11-21 09:19
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application.
References
cna@sap.comhttps://me.sap.com/notes/3457265Permissions Required
cna@sap.comhttps://support.sap.com/en/my-support/knowledge-base/security-notes-news.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://me.sap.com/notes/3457265Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://support.sap.com/en/my-support/knowledge-base/security-notes-news.htmlPatch, Vendor Advisory
Impacted products
Vendor Product Version
sap student_life_cycle_management 618
sap student_life_cycle_management 802
sap student_life_cycle_management 803
sap student_life_cycle_management 804
sap student_life_cycle_management 805
sap student_life_cycle_management 806
sap student_life_cycle_management 807
sap student_life_cycle_management 808
sap student_life_cycle_management is-ps-ca_617


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:618:*:*:*:*:*:*:*",
              "matchCriteriaId": "9630E381-1579-4D71-B49D-1079A31E3A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:802:*:*:*:*:*:*:*",
              "matchCriteriaId": "B60BA131-5DA5-409F-806A-641A7BBB9D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:803:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CE9F776-1B68-4ABA-850E-44DB58C2F616",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:804:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA4A7443-E21B-4EAE-A4EC-E3B9A8908FBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:805:*:*:*:*:*:*:*",
              "matchCriteriaId": "6025F055-0E0E-41A3-BE2D-95229710FB1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:806:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C49CAC0-C207-4BC6-AE05-65645B54011C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:807:*:*:*:*:*:*:*",
              "matchCriteriaId": "463C241E-928C-4FE8-993D-F09E6F4EEC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:808:*:*:*:*:*:*:*",
              "matchCriteriaId": "F34FAC4C-4E0A-4E80-8276-E7DA12EC5BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:student_life_cycle_management:is-ps-ca_617:*:*:*:*:*:*:*",
              "matchCriteriaId": "005E1FB2-68EC-47A8-9B01-1D4F90ED70E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SAP Student Life Cycle\nManagement (SLcM) fails to conduct proper authorization checks for\nauthenticated users, leading to the potential escalation of privileges. On\nsuccessful exploitation it could allow an attacker to access and edit\nnon-sensitive report variants that are typically restricted, causing minimal\nimpact on the confidentiality and integrity of the application."
    },
    {
      "lang": "es",
      "value": "SAP Student Life Cycle Management (SLcM) no realiza comprobaciones de autorizaci\u00f3n adecuadas para los usuarios autenticados, lo que genera una posible escalada de privilegios. Si se explota con \u00e9xito, podr\u00eda permitir a un atacante acceder y editar variantes de informes no confidenciales que normalmente est\u00e1n restringidas, causando un impacto m\u00ednimo en la confidencialidad e integridad de la aplicaci\u00f3n."
    }
  ],
  "id": "CVE-2024-34690",
  "lastModified": "2024-11-21T09:19:12.217",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "cna@sap.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-11T03:15:11.547",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://me.sap.com/notes/3457265"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://me.sap.com/notes/3457265"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "cna@sap.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.