Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution that consumes excessive system resources, potentially rendering the system unavailable. Successful exploitation results in a denial-of-service condition that impacts availability, while confidentiality and integrity remain unaffected.
Weakness
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Advanced_planning_and_optimization | Sap | 713 (including) | 713 (including) |
| Advanced_planning_and_optimization | Sap | 714 (including) | 714 (including) |
| Supply_chain_management | Sap | 700 (including) | 700 (including) |
| Supply_chain_management | Sap | 701 (including) | 701 (including) |
| Supply_chain_management | Sap | 702 (including) | 702 (including) |
| Supply_chain_management | Sap | 712 (including) | 712 (including) |