CVE-2026-24324
Undergoing Analysis Undergoing Analysis - In Progress
Denial of Service via Query Execution in SAP BusinessObjects CMS

Publication date: 2026-02-10

Last updated on: 2026-02-17

Assigner: SAP SE

Description
SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially or completely unavailable and resulting in the denial of service of the Content Management Server (CMS). Successful exploitation impacts system availability, while confidentiality and integrity remain unaffected.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-10
Last Modified
2026-02-17
Generated
2026-06-16
AI Q&A
2026-02-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24324
EUVD
EUVD-2026-6474
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
sap businessobjects_business_intelligence_platform 430
sap businessobjects_business_intelligence_platform 2025
sap businessobjects_business_intelligence_platform 2027
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-405 The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the SAP BusinessObjects Business Intelligence Platform (AdminTools). An authenticated attacker who has user privileges can execute a specific query within AdminTools that causes the Content Management Server (CMS) to crash. This crash can make the CMS partially or completely unavailable.

The result is a denial of service condition for the CMS, affecting system availability. However, the vulnerability does not impact the confidentiality or integrity of the system.

Impact Analysis

The primary impact of this vulnerability is on system availability. If exploited, it can cause the Content Management Server (CMS) to crash, leading to partial or complete unavailability of the CMS.

This denial of service can disrupt normal operations that depend on the CMS, potentially causing downtime and affecting business continuity.

Compliance Impact

This vulnerability impacts system availability but does not affect confidentiality or integrity of data.

Since regulations like GDPR and HIPAA emphasize the protection of personal data confidentiality and integrity, this vulnerability may have limited direct impact on compliance with those aspects.

However, the denial of service could affect availability requirements under these regulations, potentially impacting compliance if critical services are disrupted.

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24324. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart