CVE-2026-44755
- EPSS 0.11%
- Veröffentlicht 09.06.2026 00:21:39
- Zuletzt bearbeitet 09.06.2026 02:08:28
SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not af...
CVE-2026-44743
- EPSS 0.19%
- Veröffentlicht 09.06.2026 00:20:26
- Zuletzt bearbeitet 09.06.2026 02:08:28
Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availabi...
CVE-2026-0502
- EPSS 0.12%
- Veröffentlicht 12.05.2026 02:19:08
- Zuletzt bearbeitet 12.05.2026 14:19:41
Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the a...
CVE-2026-27683
- EPSS 0.19%
- Veröffentlicht 14.04.2026 00:08:15
- Zuletzt bearbeitet 17.04.2026 15:18:16
SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user�s browser, potentially exposing restr...
CVE-2026-24318
- EPSS 0.17%
- Veröffentlicht 14.04.2026 00:06:18
- Zuletzt bearbeitet 17.04.2026 15:18:16
Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the applica...
CVE-2026-24325
- EPSS 0.19%
- Veröffentlicht 10.02.2026 03:04:30
- Zuletzt bearbeitet 17.02.2026 15:14:43
SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets exec...
CVE-2026-24324
- EPSS 0.34%
- Veröffentlicht 10.02.2026 03:04:21
- Zuletzt bearbeitet 17.02.2026 15:15:09
SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially...
CVE-2026-0508
- EPSS 0.28%
- Veröffentlicht 10.02.2026 03:01:41
- Zuletzt bearbeitet 17.02.2026 16:06:15
The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unv...
CVE-2026-0490
- EPSS 0.36%
- Veröffentlicht 10.02.2026 03:01:20
- Zuletzt bearbeitet 17.02.2026 16:06:59
SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high...
CVE-2026-0485
- EPSS 0.4%
- Veröffentlicht 10.02.2026 03:00:49
- Zuletzt bearbeitet 17.02.2026 16:11:42
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could...