Home

Description

SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially or completely unavailable and resulting in the denial of service of the Content Management Server (CMS). Successful exploitation impacts system availability, while confidentiality and integrity remain unaffected.

PUBLISHED Reserved 2026-01-21 | Published 2026-02-10 | Updated 2026-02-10 | Assigner sap




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-405: Asymmetric Resource Consumption

Product status

Default status
unaffected

ENTERPRISE 430
affected

2025
affected

2027
affected

References

me.sap.com/notes/3695912

url.sap/sapsecuritypatchday

cve.org (CVE-2026-24324)

nvd.nist.gov (CVE-2026-24324)

Download JSON