CVE-2026-24324

SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially or completely unavailable and resulting in the denial of service of the Content Management Server (CMS). Successful exploitation impacts system availability, while confidentiality and integrity remain unaffected.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3695912	Permissions Required
https://url.sap/sapsecuritypatchday	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430::::enterprise:::
	cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2025::::enterprise:::
	cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2027::::enterprise:::

History

No history.

Information

Published : 2026-02-10 04:16

Updated : 2026-02-17 15:15

NVD link : CVE-2026-24324

Mitre link : CVE-2026-24324

CVE.ORG link : CVE-2026-24324

JSON object : View

Products Affected

sap

businessobjects_business_intelligence_platform

CWE

CWE-405

Asymmetric Resource Consumption (Amplification)

NVD-CWE-noinfo

{"id": "CVE-2026-24324", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-02-10T04:16:04.630", "references": [{"url": "https://me.sap.com/notes/3695912", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-405"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially or completely unavailable and resulting in the denial of service of the Content Management Server (CMS). Successful exploitation impacts system availability, while confidentiality and integrity remain unaffected."}, {"lang": "es", "value": "SAP BusinessObjects Business Intelligence Platform (AdminTools) permite a un atacante autenticado con privilegios de usuario ejecutar una consulta espec\u00edfica en AdminTools que podr\u00eda causar la ca\u00edda del Content Management Server (CMS), dejando el CMS parcial o completamente no disponible y resultando en la denegaci\u00f3n de servicio del Content Management Server (CMS). La explotaci\u00f3n exitosa afecta la disponibilidad del sistema, mientras que la confidencialidad y la integridad no se ven afectadas."}], "lastModified": "2026-02-17T15:15:09.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "8354981E-4A5F-4E5E-AF3A-283D5922DF90"}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2025:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CEEB4426-D0A6-40D4-B053-8A47E8E0700D"}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2027:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "C532D05D-B06C-4BAB-84D1-5127F3A78977"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}