CVE-2024-42373
MEDIUM
SAP Student Life Cycle Management - Missing Authorization
Title source: llm
Description
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application.
References (2)
Core References
Permissions Required: https://me.sap.com/notes/3479293
Vendor Advisory: https://url.sap/sapsecuritypatchday
Scores
CVSS v3: 4.3
EPSS: 0.0012
EPSS Percentile: 31.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-862
Status: published
Products (9)
sap/student_life_cycle_management: 617
sap/student_life_cycle_management: 618
sap/student_life_cycle_management: 802
sap/student_life_cycle_management: 803
sap/student_life_cycle_management: 804
sap/student_life_cycle_management: 805
sap/student_life_cycle_management: 806
sap/student_life_cycle_management: 807
sap/student_life_cycle_management: 808
Published: Aug 13, 2024
Tracked Since: Feb 18, 2026