CVE-2024-34690
MEDIUM
SAP Student Life Cycle Management - Missing Authorization
Title source: llm
Description
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application.
References (2)
Core References
Permissions Required
https://me.sap.com/notes/3457265
Patch, Vendor Advisory
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
Scores
CVSS v3
5.4
EPSS
0.0043
EPSS Percentile
62.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (9)
sap/student_life_cycle_management
618
sap/student_life_cycle_management
802
sap/student_life_cycle_management
803
sap/student_life_cycle_management
804
sap/student_life_cycle_management
805
sap/student_life_cycle_management
806
sap/student_life_cycle_management
807
sap/student_life_cycle_management
808
sap/student_life_cycle_management
is-ps-ca_617
Published
Jun 11, 2024
Tracked Since
Feb 18, 2026