DoS Attacks on Repository Services Can Cause High Availability Impact
CVE-2024-34688

7.5HIGH

Key Information:

Vendor: SAP
Status: SAP Netweaver As Java
Vendor: CVE Published:; 11 June 2024

What is CVE-2024-34688?

This vulnerability allows for unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java. As a result, attackers can exploit this flaw to execute Denial of Service (DoS) attacks, disrupting application availability for legitimate users. While the integrity and confidentiality of the application remain unaffected, the potential for service disruption raises serious concerns for organizations relying on SAP NetWeaver for their operations.

Affected Version(s)

SAP NetWeaver AS Java MMR_SERVER 7.5

References

https://me.sap.com/notes/3460407

https://support.sap.com/en/my-support/knowledge-base/secu...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
May 7, 2024