Description
SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to low impact on availability of the application, there is no impact on confidentiality and integrity.
Scores
CVSS v3
2.7
EPSS
0.0004
EPSS Percentile
10.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-835
Status
published
Products (20)
SAP_SE/SAP NetWeaver Business Warehouse (CCAW application)
200
SAP_SE/SAP NetWeaver Business Warehouse (CCAW application)
300
SAP_SE/SAP NetWeaver Business Warehouse (CCAW application)
400
SAP_SE/SAP NetWeaver Business Warehouse (CCAW application)
701
SAP_SE/SAP NetWeaver Business Warehouse (CCAW application)
702
SAP_SE/SAP NetWeaver Business Warehouse (CCAW application)
731
SAP_SE/SAP NetWeaver Business Warehouse (CCAW application)
740
SAP_SE/SAP NetWeaver Business Warehouse (CCAW application)
750
SAP_SE/SAP NetWeaver Business Warehouse (CCAW application)
751
SAP_SE/SAP NetWeaver Business Warehouse (CCAW application)
752
... and 10 more
Published
Jul 08, 2025
Tracked Since
Feb 18, 2026