CVE-2024-34688

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

D

ue to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability of the application.

References

Link	Resource
https://me.sap.com/notes/3460407	Permissions Required
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html	Patch Vendor Advisory
https://me.sap.com/notes/3460407	Permissions Required
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:netweaver_application_server_java:mmr_server_7.5:*:*:*:*:*:*:*

History

21 Nov 2024, 09:19

Type	Values Removed	Values Added
References	~~() https://me.sap.com/notes/3460407 - Permissions Required~~	() https://me.sap.com/notes/3460407 - Permissions Required
References	~~() https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - Patch, Vendor Advisory~~	() https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - Patch, Vendor Advisory

09 Aug 2024, 19:45

Type	Values Removed	Values Added
First Time		Sap netweaver Application Server Java Sap
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:sap:netweaver_application_server_java:mmr_server_7.5:::::::*
References	~~() https://me.sap.com/notes/3460407 -~~	() https://me.sap.com/notes/3460407 - Permissions Required
References	~~() https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html -~~	() https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - Patch, Vendor Advisory

11 Jun 2024, 13:54

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-11 03:15

Updated : 2024-11-21 09:19

NVD link : CVE-2024-34688

Mitre link : CVE-2024-34688

CVE.ORG link : CVE-2024-34688

JSON object : View

Products Affected

netweaver_application_server_java

CWE

CWE-400

Uncontrolled Resource Consumption

NVD-CWE-noinfo

{"id": "CVE-2024-34688", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-06-11T03:15:11.310", "references": [{"url": "https://me.sap.com/notes/3460407", "tags": ["Permissions Required"], "source": "[email protected]"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://me.sap.com/notes/3460407", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Due to unrestricted access to the Meta Model\nRepository services in SAP NetWeaver AS Java, attackers can perform DoS attacks\non the application, which may prevent legitimate users from accessing it. This\ncan result in no impact on confidentiality and integrity but a high impact on\nthe availability of the application."}, {"lang": "es", "value": "Debido al acceso sin restricciones a los servicios del Meta Model Repository en SAP NetWeaver AS Java, los atacantes pueden realizar ataques DoS en la aplicaci\u00f3n, lo que puede impedir que los usuarios leg\u00edtimos accedan a ella. Esto puede no tener ning\u00fan impacto en la confidencialidad e integridad, pero s\u00ed un alto impacto en la disponibilidad de la aplicaci\u00f3n."}], "lastModified": "2024-11-21T09:19:11.933", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:mmr_server_7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1316CD4A-DA36-41B8-9186-FE3D9C709DA7"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}