CVE-2024-34690

Summary

SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Student Life Cycle ManagementIS-PS-CA 617affected
SAP_SESAP Student Life Cycle Management618affected
SAP_SESAP Student Life Cycle Management802affected
SAP_SESAP Student Life Cycle Management803affected
SAP_SESAP Student Life Cycle Management804affected
SAP_SESAP Student Life Cycle Management805affected
SAP_SESAP Student Life Cycle Management806affected
SAP_SESAP Student Life Cycle Management807affected
SAP_SESAP Student Life Cycle Management808affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References