Description
SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On successful exploitation, there could be a limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability.
References (2)
Core 2
Core References
Permissions Required
https://me.sap.com/notes/3557469
Scores
CVSS v3
5.4
EPSS
0.0011
EPSS Percentile
29.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
sap/businessobjects_business_intelligence_platform
430
sap/businessobjects_business_intelligence_platform
2025
Published
Mar 11, 2025
Tracked Since
Feb 18, 2026