CVE-2026-23689— Denial of service (DOS) in SAP Supply Chain Management
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-23689
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of service (DOS) in SAP Supply Chain Management
Source: NVD (National Vulnerability Database)
Vulnerability Description
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution that consumes excessive system resources, potentially rendering the system unavailable. Successful exploitation results in a denial-of-service condition that impacts availability, while confidentiality and integrity remain unaffected.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
循环条件输入未经检查
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP Supply Chain Management 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP Supply Chain Management是德国思爱普(SAP)公司的一个供应链管理软件。 SAP Supply Chain Management存在安全漏洞,该漏洞源于不受控制的资源消耗,可能导致经过身份验证的普通用户权限攻击者通过网络访问,使用过大的循环控制参数重复调用远程启用的函数模块,从而消耗过多系统资源,导致系统不可用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SAP_SE | SAP Supply Chain Management | SCMAPO 713 | - |
II. Public POCs for CVE-2026-23689
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-23689
请登录查看更多情报信息。
Same Patch Batch · SAP_SE · 2026-02-10 · 26 CVEs total
| CVE-2026-0488 | 9.9 CRITICAL | Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor) |
| CVE-2026-0509 | 9.6 CRITICAL | Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform |
| CVE-2026-23687 | 8.8 HIGH | XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform |
| CVE-2026-24322 | 7.7 HIGH | Missing Authorization check in SAP Solution Tools Plug-In (ST-PI) |
| CVE-2026-0485 | 7.5 HIGH | Denial of service (DOS) vulnerability in SAP BusinessObjects BI Platform |
| CVE-2026-0490 | 7.5 HIGH | Denial of service (DOS) in SAP BusinessObjects BI Platform |
| CVE-2026-0508 | 7.3 HIGH | Open Redirect vulnerability in SAP BusinessObjects Business Intelligence Platform |
| CVE-2026-0484 | 6.5 MEDIUM | Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA |
| CVE-2026-24324 | 6.5 MEDIUM | Denial of service (DOS) vulnerability in SAP BusinessObjects Business Intelligence Platfor |
| CVE-2026-24328 | 6.1 MEDIUM | Open Redirection vulnerability in Business Server Pages Application (TAF_APPLAUNCHER) |
| CVE-2026-0505 | 6.1 MEDIUM | Multiple vulnerabilities in BSP Applications of SAP Document Management System |
| CVE-2026-24323 | 6.1 MEDIUM | Multiple vulnerabilities in BSP Applications of SAP Document Management System |
| CVE-2026-23684 | 5.9 MEDIUM | Race condition vulnerability in SAP Commerce Cloud |
| CVE-2026-24319 | 5.8 MEDIUM | Information Disclosure Vulnerability in SAP Business One (B1 Client Memory Dump Files) |
| CVE-2026-24321 | 5.3 MEDIUM | Information Disclosure vulnerability in SAP Commerce Cloud |
| CVE-2026-24312 | 5.2 MEDIUM | Missing authorization check in SAP Business Workflow |
| CVE-2026-0486 | 5.0 MEDIUM | Missing Authorization Check in ABAP based SAP systems |
| CVE-2026-24325 | 4.8 MEDIUM | Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Manage |
| CVE-2026-23685 | 4.4 MEDIUM | Insecure Deserialization vulnerability in SAP NetWeaver (JMS service) |
| CVE-2026-23681 | 4.3 MEDIUM | Missing Authorization check in a function module in SAP Support Tools Plug-In |
Showing top 20 of 26 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: SAP_SE
- CVE-2026-34264
Information Disclosure vulnerability in SAP Human Capital Ma - CVE-2026-34262
Information Disclosure Vulnerability in SAP HANA Cockpit and - CVE-2026-34261
Missing Authorization check in SAP Business Analytics and SA - CVE-2026-34257
Open Redirect vulnerability in SAP NetWeaver Application Ser - CVE-2026-34256
Missing Authorization check in SAP ERP and SAP S/4 HANA (Pri
Same weakness: CWE-606
- CVE-2026-1519
Excessive NSEC3 iterations cause high CPU load during insecu - CVE-2019-25624
Liquid Studio 2.17 Denial of Service via Malformed Input - CVE-2026-27689
Denial of service (DOS) in SAP Supply Chain Management - CVE-2025-43801
Liferay Portal和Liferay DXP 安全漏洞 - CVE-2025-42930
Denial of Service (DoS) vulnerability in SAP Business Planni
V. Comments for CVE-2026-23689
No comments yet