CVE-2026-24324 — Vulnetix

CVE-2026-24324 PUBLISHED CVSS 6.5 MEDIUM

SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially or completely unavailable and resulting in the denial of service of the Content Management Server (CMS). Successful exploitation impacts system availability, while confidentiality and integrity remain unaffected.

EPSS 0.02% · 5.9th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.02%

5.9th percentile

Affected Products

Vendor	Product	Versions
sap	businessobjects_business_intelligence_platform	2025, 2027, 430
SAP_SE	SAP BusinessObjects Business Intelligence Platform (AdminTools)	ENTERPRISE 430, 2025, 2027

Exploit Intelligence

https://me.sap.com/notes/3695912 (circl)
https://url.sap/sapsecuritypatchday (circl)

Timeline

Feb 10, 2026 CVE Published
Feb 10, 2026 EPSS Score
Feb 12, 2026 EPSS Score
Feb 14, 2026 EPSS Score
Feb 16, 2026 EPSS Score
Feb 18, 2026 EPSS Score
Feb 20, 2026 EPSS Score
Feb 22, 2026 EPSS Score
Feb 24, 2026 EPSS Score
Feb 26, 2026 EPSS Score
Feb 28, 2026 EPSS Score
Mar 2, 2026 EPSS Score

References

Open in Interactive Console →