CVE-2026-0508

HIGH

SAP BusinessObjects - Open Redirect

Title source: llm

Description

The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled domain and subsequently download the malicious content. This vulnerability has a high impact on the confidentiality and integrity of the application, with no effect on the availability of the application.

References (2)

[Permissions Required] https://me.sap.com/notes/3674246

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 7.3

EPSS 0.0001

EPSS Percentile 2.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-601

Status published

Products (3)

sap/businessobjects_business_intelligence_platform 430

sap/businessobjects_business_intelligence_platform 2025

sap/businessobjects_business_intelligence_platform 2027

Published Feb 10, 2026

Tracked Since Feb 18, 2026