8.1
CVE-2026-0508
- EPSS 0.01%
- Veröffentlicht 10.02.2026 03:01:41
- Zuletzt bearbeitet 17.02.2026 16:06:15
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled domain and subsequently download the malicious content. This vulnerability has a high impact on the confidentiality and integrity of the application, with no effect on the availability of the application.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Businessobjects Business Intelligence Platform Version430 SwEditionenterprise
SAP ≫ Businessobjects Business Intelligence Platform Version2025 SwEditionenterprise
SAP ≫ Businessobjects Business Intelligence Platform Version2027 SwEditionenterprise
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.015 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 1.7 | 5.8 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
|
| cna@sap.com | 7.3 | 1 | 5.8 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.