CVE-2024-34688: 
SAP NetWeaver Application Server Java vulnerability analysis and mitigation

A high-severity vulnerability (CVE-2024-34688) was identified in SAP NetWeaver AS Java's Meta Model Repository services. The vulnerability was discovered and disclosed on June 10, 2024, affecting SAP NetWeaver Application Server Java MMR Server 7.5. The issue stems from unrestricted access to the Meta Model Repository services, which could allow attackers to perform denial-of-service (DoS) attacks (NVD, SecurityWeek).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The technical assessment indicates that the vulnerability requires no privileges or user interaction to exploit, and can be accessed from the network. The weakness has been categorized under CWE-400 (Uncontrolled Resource Consumption) (NVD).

The vulnerability's primary impact is on system availability, with no direct effect on confidentiality or integrity. When successfully exploited, the vulnerability can prevent legitimate users from accessing the application through denial-of-service conditions (NVD, SecurityWeek).

SAP has released security patches to address this vulnerability as part of their June 2024 Security Patch Day. Organizations are strongly advised to apply the available updates as soon as possible to protect their systems (SecurityWeek).