CVE-2024-34688Uncontrolled Resource Consumption in SE SAP Netweaver AS Java

CWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 32.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver AS JavaSAP Netweaver Application Server Java
Timeline
PublishedJun 11

Description

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDsap/netweaver_applicationmmr_server_7.5
CVEListV5sap_se/sap_netweaver_as_javaMMR_SERVER 7.5

Patches

Patch: support.sap.comPatch: support.sap.com

🔴Vulnerability Details

2
CVEList
Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)2024-06-11
GHSA
GHSA-6qmc-84fw-65c9: Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which2024-06-11
CVE-2024-34688 — Uncontrolled Resource Consumption | cvebase