SAP Financial Consolidation Session Termination Vulnerability Allowing Denial-of-Service

Vulnerability

A vulnerability in SAP Financial Consolidation allows authenticated attackers to temporarily disconnect other users by terminating their sessions, which can lead to a denial-of-service condition. This disruption prevents the affected users from accessing the application. However, the vulnerability does not compromise the application itself, resulting in a low impact on availability. Additionally, there is no effect on the confidentiality or integrity of the data.

Impact

Exploitation of this vulnerability causes a temporary denial-of-service condition by disconnecting users and preventing them from accessing the application.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, where users can find the complete list of security notes and prioritize their implementation.

Added: May 12, 2026, 3:19 AM
Updated: May 12, 2026, 3:19 AM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 0.6
exploitability: 4.9
remediation: 0.0
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.