CVE-2025-0061

HIGH

SAP BusinessObjects - Info Disclosure

Title source: llm

Description

SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. Attacker can access and modify all the data of the application.

References (2)

[Permissions Required] https://me.sap.com/notes/3474398

[Patch] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 8.7

EPSS 0.0015

EPSS Percentile 35.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-497

Status published

Products (3)

sap/businessobjects_business_intelligence_platform 420

sap/businessobjects_business_intelligence_platform 430

sap/businessobjects_business_intelligence_platform 2025

Published Jan 14, 2025

Tracked Since Feb 18, 2026