Home

Description

SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering the CMS completely unavailable. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.

PUBLISHED Reserved 2025-12-09 | Published 2026-02-10 | Updated 2026-02-10 | Assigner sap




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-405: Asymmetric Resource Consumption

Product status

Default status
unaffected

ENTERPRISE 430
affected

2025
affected

2027
affected

References

me.sap.com/notes/3678282

url.sap/sapsecuritypatchday

cve.org (CVE-2026-0485)

nvd.nist.gov (CVE-2026-0485)

Download JSON