CVE-2026-23689
SAP · SAP NetWeaver
An authenticated user can cause a Denial of Service in SAP systems by invoking a remote-enabled function module with an excessively large loop-control parameter.
Executive summary
An authenticated attacker can trigger a Denial of Service in SAP software by exploiting uncontrolled resource consumption within a remote-enabled function module.
Vulnerability
This is an uncontrolled resource consumption vulnerability. An authenticated attacker with regular user privileges can repeatedly execute a specific remote-enabled function module using an oversized loop-control parameter, exhausting system CPU or memory resources.
Business impact
A CVSS score of 7.7 reflects the high impact on system availability. By exploiting this flaw, a disgruntled employee or an attacker with compromised credentials can crash the SAP application server or render it unresponsive. This leads to system downtime, preventing business-critical transactions and potentially impacting the entire supply chain or financial reporting structure.
Remediation
Immediate Action: Apply the vendor's security patches to the affected SAP components to implement proper bounds checking on loop-control parameters.
Proactive Monitoring: Configure SAP workload monitors to alert on long-running work processes or sudden spikes in resource consumption tied to specific RFC function modules.
Compensating Controls: Implement RFC quotas and limit the ability of non-administrative users to call remote-enabled function modules that are known to be resource-intensive.
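As an added illustration of the monitoring control above (example code written for this advisory, not SAP's own tooling): the script below runs a detection over a constructed set of RFC call records and flags two patterns tied to this flaw, a single call that burns excessive CPU time and one user repeatedly invoking the same remote-enabled function module within a short window. The record layout, the function module names (Z_RFC_READ_ORDERS, Z_RFC_BATCH_CALC) and the thresholds are all assumptions for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime

# Constructed sample records, one RFC call per line as
# "<timestamp> <user> <function module> <CPU ms>". The layout and every
# value are assumptions for this example, not real SAP workload output.
SAMPLE_RECORDS = """\
2026-02-10T09:00:01 ALICE Z_RFC_READ_ORDERS 420
2026-02-10T09:00:05 BOB Z_RFC_BATCH_CALC 95000
2026-02-10T09:01:00 BOB Z_RFC_BATCH_CALC 91000
2026-02-10T09:01:30 BOB Z_RFC_BATCH_CALC 88000
2026-02-10T09:02:00 CAROL Z_RFC_READ_ORDERS 300
2026-02-10T09:02:10 BOB Z_RFC_BATCH_CALC 99000
2026-02-10T09:03:00 BOB Z_RFC_BATCH_CALC 97000
2026-02-10T12:00:00 ALICE Z_RFC_BATCH_CALC 40000
"""


@dataclass
class RfcCall:
    ts: datetime
    user: str
    fm: str       # remote-enabled function module name
    cpu_ms: int   # CPU time consumed by the work process for this call


def parse_records(text: str) -> list[RfcCall]:
    """Parse the constructed record format, skipping blank lines."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, fm, cpu = line.split()
        calls.append(RfcCall(datetime.fromisoformat(ts), user, fm, int(cpu)))
    return calls


def find_anomalies(calls, cpu_ms_threshold=30_000, repeat_threshold=5, window_s=300):
    """Flag calls above a CPU budget, and (user, FM) pairs invoked at least
    repeat_threshold times inside a sliding window of window_s seconds."""
    long_running = [(c.user, c.fm, c.cpu_ms) for c in calls if c.cpu_ms >= cpu_ms_threshold]
    recent = defaultdict(deque)   # (user, fm) -> timestamps still inside the window
    repeated, flagged = [], set()
    for c in sorted(calls, key=lambda c: c.ts):
        key = (c.user, c.fm)
        q = recent[key]
        q.append(c.ts)
        while (c.ts - q[0]).total_seconds() > window_s:
            q.popleft()   # drop timestamps that fell out of the window
        if len(q) >= repeat_threshold and key not in flagged:
            flagged.add(key)   # report each (user, FM) pair only once
            repeated.append((c.user, c.fm, len(q)))
    return {"long_running": long_running, "repeated": repeated}


if __name__ == "__main__":
    for kind, hits in find_anomalies(parse_records(SAMPLE_RECORDS)).items():
        print(kind, hits)
```

In a real deployment the records would come from the system's workload statistics rather than an embedded string, and the thresholds should be tuned to the normal runtime profile of each function module.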
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability should be addressed with high urgency due to the potential for significant operational impact. Applying the primary remediation patch is essential to prevent authorized users from inadvertently or maliciously causing a total system outage.