SAP Business Planning and Consolidation Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in SAP Business Planning and Consolidation. This issue allows an authenticated standard user to invoke a function module by sending specific parameters that create a loop, leading to excessive resource consumption and causing the system to become unavailable. While this vulnerability significantly impacts the application's availability, it does not affect confidentiality or integrity.

Impact

Exploitation of this vulnerability causes a loop that consumes excessive resources, resulting in system unavailability.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically in the Security Notes section. For details on the SAP Security Patch Day and how to access Security Notes, refer to the SAP Security Notes FAQ.