7.7
CVE-2026-23689
- EPSS 0.09%
- Published 10.02.2026 03:03:09
- Last modified 17.02.2026 15:57:04
- Source cna@sap.com
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution that consumes excessive system resources, potentially rendering the system unavailable. Successful exploitation results in a denial-of-service condition that impacts availability, while confidentiality and integrity remain unaffected.
Data provided by the National Vulnerability Database (NVD)
SAP ≫ Advanced Planning And Optimization Version 713
SAP ≫ Advanced Planning And Optimization Version 714
SAP ≫ Supply Chain Management Version 700
SAP ≫ Supply Chain Management Version 701
SAP ≫ Supply Chain Management Version 702
SAP ≫ Supply Chain Management Version 712
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.256 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.7 | 3.1 | 4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
| cna@sap.com | 7.7 | 3.1 | 4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
CWE-606 Unchecked Input for Loop Condition
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.