{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-45284","assignerOrgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","state":"PUBLISHED","assignerShortName":"sap","dateReserved":"2024-08-26T10:39:20.933Z","datePublished":"2024-09-10T04:57:24.442Z","dateUpdated":"2024-09-10T13:45:15.831Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"SAP Student Life Cycle Management (SLcM)","vendor":"SAP_SE","versions":[{"status":"affected","version":"617"},{"status":"affected","version":"618"},{"status":"affected","version":"800"},{"status":"affected","version":"802"},{"status":"affected","version":"803"},{"status":"affected","version":"804"},{"status":"affected","version":"805"},{"status":"affected","version":"806"},{"status":"affected","version":"807"},{"status":"affected","version":"808"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application.</p>"}],"value":"An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":2.4,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"CWE-862: Missing Authorization","lang":"eng","type":"CWE"}]}],"providerMetadata":{"orgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","shortName":"sap","dateUpdated":"2024-09-10T04:57:24.442Z"},"references":[{"url":"https://me.sap.com/notes/2256627"},{"url":"https://url.sap/sapsecuritypatchday"}],"source":{"discovery":"UNKNOWN"},"title":"Missing authorization check in SAP Student Life Cycle Management (SLcM)","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-10T13:45:00.805351Z","id":"CVE-2024-45284","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-10T13:45:15.831Z"}}]}}