NotCVE - vendor:"SAP SE" product:"SAP Student Life Cycle Management" version:"803"

3 results (0.006 seconds)

CVSS: 2.4EPSS: 0%CPEs: 10EXPL: 0

CVE-2024-45284 – Missing authorization check in SAP Student Life Cycle Management (SLcM)

https://notcve.org/view.php?id=CVE-2024-45284

An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application. • https://me.sap.com/notes/2256627 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

CVE-2024-42373 – Missing Authorization Check in SAP Student Life Cycle Management (SLcM)

https://notcve.org/view.php?id=CVE-2024-42373

CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0

CVE-2024-34690 – Missing Authorization check in SAP Student Life Cycle Management (SLcM)

https://notcve.org/view.php?id=CVE-2024-34690

SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application. SAP Student Life Cycle Management (SLcM) no realiza comprobaciones de autorización adecuadas para los usuarios autenticados, lo que genera una posible escalada de privilegios. Si se explota con éxito, podría permitir a un atacante acceder y editar variantes de informes no confidenciales que normalmente están restringidas, causando un impacto mínimo en la confidencialidad e integridad de la aplicación. • https://me.sap.com/notes/3457265 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html • CWE-862: Missing Authorization •