{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T17:46:06.217","vulnerabilities":[{"cve":{"id":"CVE-2026-23689","sourceIdentifier":"cna@sap.com","published":"2026-02-10T04:16:03.500","lastModified":"2026-02-17T15:57:04.273","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution that consumes excessive system resources, potentially rendering the system unavailable. Successful exploitation results in a denial-of-service condition that impacts availability, while confidentiality and integrity remain unaffected."},{"lang":"es","value":"Debido a una vulnerabilidad de consumo de recursos no controlado (denegación de servicio), un atacante autenticado con privilegios de usuario regular y acceso a la red puede invocar repetidamente un módulo de función habilitado remotamente con un parámetro de control de bucle excesivamente grande. Esto desencadena una ejecución de bucle prolongada que consume recursos excesivos del sistema, lo que podría dejar el sistema no disponible. La explotación exitosa resulta en una condición de denegación de servicio que afecta la disponibilidad, mientras que la confidencialidad y la integridad permanecen inafectadas."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"cna@sap.com","type":"Primary","description":[{"lang":"en","value":"CWE-606"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:advanced_planning_and_optimization:713:*:*:*:*:*:*:*","matchCriteriaId":"8E303C34-3616-489F-BEA3-456E302E2D38"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:advanced_planning_and_optimization:714:*:*:*:*:*:*:*","matchCriteriaId":"82CF8FC0-AECD-4ACC-B823-45645A5B2D83"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:supply_chain_management:700:*:*:*:*:*:*:*","matchCriteriaId":"A19AC4DB-E940-46AC-9E3D-4108B3F07BC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:supply_chain_management:701:*:*:*:*:*:*:*","matchCriteriaId":"B0A1E0EC-CA14-4AA4-A798-E4E9AD59E45B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:supply_chain_management:702:*:*:*:*:*:*:*","matchCriteriaId":"D0B74ECC-DC88-4171-B091-49BD76491336"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:supply_chain_management:712:*:*:*:*:*:*:*","matchCriteriaId":"9172B1E7-CEDA-4A60-9915-E744FC1319FC"}]}]}],"references":[{"url":"https://me.sap.com/notes/3703092","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com","tags":["Vendor Advisory"]}]}}]}