CVE-2026-24324
MEDIUMSAP BusinessObjects Business Intelligence Platform - Authenticated Denial of Service via AdminTools Query
Title source: llmDescription
SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially or completely unavailable and resulting in the denial of service of the Content Management Server (CMS). Successful exploitation impacts system availability, while confidentiality and integrity remain unaffected.
References (2)
Core 2
Core References
Permissions Required
https://me.sap.com/notes/3695912
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
6.5
EPSS
0.0034
EPSS Percentile
25.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-405
Status
published
Products (3)
sap/businessobjects_business_intelligence_platform
430
sap/businessobjects_business_intelligence_platform
2025
sap/businessobjects_business_intelligence_platform
2027
Published
Feb 10, 2026
Tracked Since
Feb 18, 2026