CVE-2026-24324: Asymmetric Resource Consumption (Amplification) in SE SAP BusinessObjects Business Intelligence Platform

Severity
6.5 MEDIUM (NVD)
EPSS
0.0%
top 95.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 10

Description

SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially or completely unavailable and resulting in a denial of service. Successful exploitation impacts system availability, while confidentiality and integrity remain unaffected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

Vulnerability Details

2
GHSA
GHSA-c5x9-g76v-5jf9: SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in A (2026-02-10)
CVEList
Denial of service (DOS) vulnerability in SAP BusinessObjects Business Intelligence Platform (AdminTools) (2026-02-10)