CVE-2026-24324: CWE-405: Asymmetric Resource Consumption in SAP_SE SAP BusinessObjects Business Intelligence Platform (AdminTools)
CVE-2026-24324 is a medium severity vulnerability in SAP BusinessObjects Business Intelligence Platform (AdminTools) that allows an authenticated user with standard privileges to execute a crafted query causing the Content Management Server (CMS) to crash. This results in a denial of service condition affecting system availability, while confidentiality and integrity remain intact. Exploitation requires no user interaction but does require valid user credentials. The vulnerability affects versions ENTERPRISE 430, 2025, and 2027 of the platform. No known exploits are currently reported in the wild. The CVSS score is 6.5, reflecting a network attack vector with low complexity and no privileges beyond user level. European organizations relying on SAP BusinessObjects for business intelligence and reporting could face operational disruptions if targeted. Mitigation involves monitoring user activities, restricting access to AdminTools, and applying patches or vendor guidance once available. Countries with significant SAP deployments and critical industries using SAP BI platforms, such as Germany, France, and the UK, are most likely to be impacted.
AI Analysis
Technical Summary
CVE-2026-24324 is classified as an asymmetric resource consumption vulnerability (CWE-405) in the SAP BusinessObjects Business Intelligence Platform's AdminTools component. Specifically, an authenticated attacker with user-level privileges can craft and execute a particular query within AdminTools that triggers a resource exhaustion condition in the Content Management Server (CMS). This leads to the CMS crashing or becoming partially or fully unavailable, causing a denial of service (DoS) condition. The vulnerability does not affect confidentiality or integrity, as it does not allow data leakage or unauthorized modification. The attack vector is network-based, requiring the attacker to have valid user credentials but no additional privileges or user interaction. The affected versions include ENTERPRISE 430, 2025, and 2027 releases of SAP BusinessObjects. The CVSS v3.1 base score is 6.5, indicating medium severity due to the impact on availability and ease of exploitation. No public exploits have been reported to date, and no patches are currently linked, suggesting organizations should monitor SAP advisories closely. The vulnerability could be exploited internally or by compromised users to disrupt business intelligence services, impacting operational continuity.
Potential Impact
For European organizations, the primary impact of this vulnerability is operational disruption due to denial of service of the CMS component in SAP BusinessObjects. This platform is widely used for business intelligence, reporting, and decision support, so CMS unavailability can halt critical analytics and reporting functions. Industries relying heavily on SAP BI platforms, such as manufacturing, finance, telecommunications, and the public sector, may experience degraded service levels, delayed decision-making, and potential compliance risks if reporting is interrupted. Although confidentiality and integrity are not directly impacted, the loss of availability can indirectly affect business operations and service delivery. The requirement for authenticated access limits exploitation to insiders or compromised accounts, but this also means insider threats or phishing attacks could leverage this vulnerability to cause disruption. The absence of known exploits reduces immediate risk, but the medium severity score and ease of exploitation warrant proactive mitigation.
Mitigation Recommendations
1. Restrict access to SAP BusinessObjects AdminTools strictly to trusted administrators and users with a legitimate need, employing the principle of least privilege.
2. Monitor and audit user activities within AdminTools to detect unusual or suspicious query executions that could indicate exploitation attempts.
3. Implement strong authentication mechanisms, including multi-factor authentication (MFA), to reduce the risk of credential compromise.
4. Segregate the SAP BusinessObjects environment from general user networks to limit exposure.
5. Regularly review and update user permissions to ensure no excessive privileges are granted.
6. Stay informed on SAP security advisories and apply patches or hotfixes promptly once available.
7. Consider deploying application-layer DoS protection or rate limiting on queries to AdminTools if supported.
8. Conduct internal penetration testing and vulnerability assessments focusing on SAP BI components to identify and remediate weaknesses.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: sap
- Date Reserved: 2026-01-21T22:15:36.672Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 698aaa0c4b57a58fa1c64d64
Added to database: 2/10/2026, 3:46:20 AM
Last enriched: 2/17/2026, 9:41:46 AM
Last updated: 2/21/2026, 12:19:26 AM