mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
125 lines
4.7 KiB
JSON
125 lines
4.7 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-42373",
|
|
"ASSIGNER": "cna@sap.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-862: Missing Authorization",
|
|
"cweId": "CWE-862"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "SAP_SE",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "SAP Student Life Cycle Management (SLcM)",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "617"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "618"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "802"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "803"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "804"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "805"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "806"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "807"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "808"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://me.sap.com/notes/3479293",
|
|
"refsource": "MISC",
|
|
"name": "https://me.sap.com/notes/3479293"
|
|
},
|
|
{
|
|
"url": "https://url.sap/sapsecuritypatchday",
|
|
"refsource": "MISC",
|
|
"name": "https://url.sap/sapsecuritypatchday"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.2.0"
|
|
},
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.3,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |