SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially or completely unavailable and resulting in the denial of service of the Content Management Server (CMS). Successful exploitation impacts system availability, while confidentiality and integrity remain unaffected.
Weakness
The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary’s influence is “asymmetric.”
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Businessobjects_business_intelligence_platform | Sap | 430 (including) | 430 (including) |
| Businessobjects_business_intelligence_platform | Sap | 2025 (including) | 2025 (including) |
| Businessobjects_business_intelligence_platform | Sap | 2027 (including) | 2027 (including) |