Privilege Escalation through Restricted Access to SLCM Transactions

CVE-2024-45284

2.4LOW

Key Information

Vendor: SAP
Status: SAP Student Life Cycle Management (slcm)
Vendor: CVE Published:; 10 September 2024

Summary

An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application.

Affected Version(s)

SAP Student Life Cycle Management (SLcM) = 617

SAP Student Life Cycle Management (SLcM) = 618

SAP Student Life Cycle Management (SLcM) = 800

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 10, 2024
Vulnerability Reserved.
Aug 26, 2024

Collectors

NVD DatabaseMitre Database