3.7
CVE-2026-44743
- EPSS 0.19%
- Veröffentlicht 09.06.2026 00:20:26
- Zuletzt bearbeitet 09.06.2026 02:08:28
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
Security Misconfiguration vulnerability in SAP Business Objects
Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSAP_SE
≫
Produkt
SAP Business Objects
Default Statusunaffected
Version
ENTERPRISE 430
Status
affected
Version
2025
Status
affected
Version
2027
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.085 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@sap.com | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
https://url.sap/sapsecuritypatchday
https://me.sap.com/notes/3706000