2 results (0.010 seconds)

CVSS: 2.4EPSS: 0%CPEs: 10EXPL: 0

An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application. • https://me.sap.com/notes/2256627 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application. • https://me.sap.com/notes/3479293 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •