SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there is no impact on confidentiality or integrity.
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.