Description
The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled domain and subsequently download the malicious content. This vulnerability has a high impact on the confidentiality and integrity of the application, with no effect on the availability of the application.
References (2)
Core 2
Core References
Permissions Required
https://me.sap.com/notes/3674246
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
7.3
EPSS
0.0028
EPSS Percentile
19.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-601
Status
published
Products (3)
sap/businessobjects_business_intelligence_platform
430
sap/businessobjects_business_intelligence_platform
2025
sap/businessobjects_business_intelligence_platform
2027
Published
Feb 10, 2026
Tracked Since
Feb 18, 2026