CVE-2026-24324

Summary

SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially or completely unavailable and resulting in the denial of service of the Content Management Server (CMS). Successful exploitation impacts system availability, while confidentiality and integrity remain unaffected.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP BusinessObjects Business Intelligence Platform (AdminTools)ENTERPRISE 430affected
SAP_SESAP BusinessObjects Business Intelligence Platform (AdminTools)2025affected
SAP_SESAP BusinessObjects Business Intelligence Platform (AdminTools)2027affected

Weaknesses

  • CWE-405: CWE-405: Asymmetric Resource Consumption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References