Privilege Escalation through Restricted Access to SLCM Transactions
CVE-2024-45284

2.4LOW

Key Information:

Vendor: SAP
Status: SAP Student Life Cycle Management (slcm)
Vendor: CVE Published:; 10 September 2024

What is CVE-2024-45284?

An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application.

Affected Version(s)

SAP Student Life Cycle Management (SLcM) 617

SAP Student Life Cycle Management (SLcM) 618

SAP Student Life Cycle Management (SLcM) 800

References

https://me.sap.com/notes/2256627

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Aug 26, 2024