CVE-2024-42373

4.3 MEDIUM

📋 TL;DR

This vulnerability in SAP Student Life Cycle Management (SLcM) allows authenticated users to bypass authorization checks and delete non-sensitive report variants they shouldn't have access to. It affects organizations using SAP SLcM with insufficient authorization controls. The impact is limited to deleting certain report variants, not core data or system functionality.

💻 Affected Systems

Products:
  • SAP Student Life Cycle Management (SLcM)
Versions: Specific versions not detailed in CVE; check SAP Note 3479293
Operating Systems: Any OS running SAP SLcM
Default Config Vulnerable: ⚠️ Yes
Notes: Affects standard SAP SLcM installations; requires authenticated user access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could delete multiple report variants, potentially disrupting reporting workflows and requiring restoration from backups.

🟠 Likely Case

Minimal operational disruption from deleted report variants that can be recreated or restored.

🟢 If Mitigated

No impact if proper authorization controls and monitoring are implemented.

🌐 Internet-Facing: LOW - Requires authenticated access and affects specific functionality.
🏢 Internal Only: MEDIUM - Internal users with SLcM access could exploit this for limited privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to SAP SLcM and knowledge of report variant functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: See SAP Note 3479293 for specific patch details

Vendor Advisory: https://me.sap.com/notes/3479293

Restart Required: Yes

Instructions:

1. Review SAP Note 3479293
2. Apply the relevant SAP Security Patch
3. Restart affected SAP SLcM systems
4. Verify authorization checks are functioning correctly

🔧 Temporary Workarounds

Strengthen Authorization Controls (applies to: all)

Implement additional authorization checks and role-based access controls for report variant management.

Monitor Report Variant Deletions (applies to: all)

Enable detailed logging and monitoring for report variant deletion activities.

🧯 If You Can't Patch

  • Implement strict role-based access controls limiting who can manage report variants.
  • Enable comprehensive audit logging for all report variant operations and monitor for unauthorized deletions.

🔍 How to Verify

Check if Vulnerable:

Check if your SAP SLcM version matches those listed in SAP Note 3479293 and test authorization controls for report variant deletion.

Check Version:

Use SAP transaction code SM51 or check the system information in SAP GUI.

Verify Fix Applied:

After patching, verify that authenticated users without proper authorization cannot delete restricted report variants.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized deletion of report variants in SAP audit logs
  • Multiple report variant deletion attempts by a single user

Network Indicators:

  • Unusual patterns of report management transactions

SIEM Query:

source="sap_audit_log" AND (event="report_variant_delete" AND user NOT IN authorized_users_list)
