CVE-2024-45284— Missing authorization check in SAP Student Life Cycle Management (SLcM)

CVSS 2.4 · Low EPSS 0.07% · P22 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-45284

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Missing authorization check in SAP Student Life Cycle Management (SLcM)

Source: NVD (National Vulnerability Database)

Vulnerability Description

An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

授权机制缺失

Source: NVD (National Vulnerability Database)

Vulnerability Title

SAP Student Life Cycle Management 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

SAP Student Life Cycle Management是德国思爱普（SAP）公司的一个学生生命周期管理系统。 SAP Student Life Cycle Management存在安全漏洞，该漏洞源于具有高权限的经过身份验证的攻击者可以使用应限制访问的 SLCM 事务功能。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
SAP_SE	SAP Student Life Cycle Management (SLcM)	617	-

II. Public POCs for CVE-2024-45284

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-45284

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2024-45284

Same Patch Batch · SAP_SE · 2024-09-10 · 20 CVEs total

CVE-2024-45286	6.5 MEDIUM	Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)
CVE-2024-42378	6.1 MEDIUM	Cross-Site Scripting (XSS) in eProcurement on S/4HANA
CVE-2024-45279	6.1 MEDIUM	Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM
CVE-2024-45283	6.0 MEDIUM	Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service)
CVE-2024-45281	5.8 MEDIUM	DLL hijacking vulnerability in SAP BusinessObjects Business Intelligence Platform
CVE-2024-42371	5.4 MEDIUM	Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-45285	5.4 MEDIUM	Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-44117	5.4 MEDIUM	Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-45280	4.8 MEDIUM	Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS Java (Logon Application)
CVE-2024-44120	4.7 MEDIUM	Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
CVE-2024-44116	4.3 MEDIUM	Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-44112	4.3 MEDIUM	Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)
CVE-2024-44115	4.3 MEDIUM	Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-44121	4.3 MEDIUM	Information Disclosure in SAP S/4 HANA (Statutory Reports)
CVE-2024-44113	4.3 MEDIUM	Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer)
CVE-2024-42380	4.3 MEDIUM	Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-41729	4.3 MEDIUM	Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer)
CVE-2024-41728	2.7 LOW	Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-44114	2.0 LOW	Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

IV. Related Vulnerabilities

Same product: SAP Student Life Cycle Management (SLcM)

CVE-2024-42373
Missing Authorization Check in SAP Student Life Cycle Manage

Same vendor: SAP_SE

Same weakness: CWE-862

V. Comments for CVE-2024-45284

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-45284— Missing authorization check in SAP Student Life Cycle Management (SLcM)

I. Basic Information for CVE-2024-45284

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-45284

III. Intelligence Information for CVE-2024-45284

Same Patch Batch · SAP_SE · 2024-09-10 · 20 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-45284

Leave a comment