CVE-2024-34688
HIGHSAP NetWeaver AS Java - Denial of Service via Meta Model Repository Services
Title source: llmDescription
Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability of the application.
References (2)
Core 2
Core References
Permissions Required
https://me.sap.com/notes/3460407
Patch, Vendor Advisory
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
Scores
CVSS v3
7.5
EPSS
0.0055
EPSS Percentile
68.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-400
Status
published
Products (1)
sap/netweaver_application_server_java
mmr_server_7.5
Published
Jun 11, 2024
Tracked Since
Feb 18, 2026