Lucene search

SapCVELIST:CVE-2024-34688

HistoryJun 11, 2024 - 2:02 a.m.

CVE-2024-34688 Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)

2024-06-1102:02:21

CWE-400

sap

www.cve.org

denial of service

sap netweaver

dos attack

meta model repository

application availability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Due to unrestricted access to the Meta Model
Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks
on the application, which may prevent legitimate users from accessing it. This
can result in no impact on confidentiality and integrity but a high impact on
the availability of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver AS Java",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "MMR_SERVER 7.5"
      }
    ]
  }
]

References

me.sap.com/notes/3460407

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-34688