SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering the CMS completely unavailable. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.
Weakness
The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary’s influence is “asymmetric.”
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Businessobjects_business_intelligence_platform | Sap | 430 (including) | 430 (including) |
| Businessobjects_business_intelligence_platform | Sap | 2025 (including) | 2025 (including) |
| Businessobjects_business_intelligence_platform | Sap | 2027 (including) | 2027 (including) |