4.1
CVE-2026-27683
- EPSS 0.03%
- Veröffentlicht 14.04.2026 00:08:15
- Zuletzt bearbeitet 17.04.2026 15:18:16
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
Reflected cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform
SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user�s browser, potentially exposing restricted information. This results in a low impact on confidentiality with no impact on integrity and availability.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSAP_SE
≫
Produkt
SAP BusinessObjects Business Intelligence Platform
Default Statusunaffected
Version
ENTERPRISE 430
Status
affected
Version
2025
Status
affected
Version
2027
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.101 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@sap.com | 4.1 | 2.3 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.