Home

Description

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiality of the data.

PUBLISHED Reserved 2025-12-09 | Published 2026-05-12 | Updated 2026-05-12 | Assigner sap




MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Problem types

CWE-352: Cross-Site Request Forgery

Product status

Default status
unaffected

ENTERPRISE 430
affected

2025
affected

2027
affected

References

me.sap.com/notes/3667593

url.sap/sapsecuritypatchday

cve.org (CVE-2026-0502)

nvd.nist.gov (CVE-2026-0502)

Download JSON