Description
SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there is no impact on confidentiality or integrity.
References (2)
Core 2
Core References
Vendor Advisory
https://me.sap.com/notes/3614067
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
6.5
EPSS
0.0010
EPSS Percentile
26.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-606
Status
published
Products (14)
SAP_SE/SAP Business Planning and Consolidation
300
SAP_SE/SAP Business Planning and Consolidation
751
SAP_SE/SAP Business Planning and Consolidation
752
SAP_SE/SAP Business Planning and Consolidation
753
SAP_SE/SAP Business Planning and Consolidation
754
SAP_SE/SAP Business Planning and Consolidation
755
SAP_SE/SAP Business Planning and Consolidation
756
SAP_SE/SAP Business Planning and Consolidation
757
SAP_SE/SAP Business Planning and Consolidation
758
SAP_SE/SAP Business Planning and Consolidation
816
... and 4 more
Published
Sep 09, 2025
Tracked Since
Feb 18, 2026