CVE-2026-0485
Undergoing Analysis Undergoing Analysis - In Progress
Denial of Service in SAP BusinessObjects CMS via Crafted Requests

Publication date: 2026-02-10

Last updated on: 2026-02-17

Assigner: SAP SE

Description
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering the CMS completely unavailable. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-10
Last Modified
2026-02-17
Generated
2026-06-16
AI Q&A
2026-02-10
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0485
EUVD
EUVD-2026-6884
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
sap businessobjects_business_intelligence_platform 430
sap businessobjects_business_intelligence_platform 2025
sap businessobjects_business_intelligence_platform 2027
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-405 The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the SAP BusinessObjects BI Platform, where an unauthenticated attacker can send specially crafted requests to the Content Management Server (CMS). These requests can cause the CMS to crash and automatically restart.

By repeatedly sending these malicious requests, the attacker can cause a persistent disruption of the service, making the CMS completely unavailable.

Impact Analysis

The primary impact of this vulnerability is on the availability of the SAP BusinessObjects BI Platform's Content Management Server.

An attacker can cause the CMS to crash repeatedly, leading to persistent service disruption and rendering the CMS completely unavailable.

Confidentiality and integrity of the system are not affected by this vulnerability.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0485. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart