CVE-2026-0502
Insufficient CSRF Protection in SAP BusinessObjects BI Platform
Publication date: 2026-05-12
Last updated on: 2026-05-12
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | businessobjects_business_intelligence_platform | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
An attacker could exploit this vulnerability to cause an authenticated user to unknowingly send unintended requests to the web server, potentially altering the integrity and availability of the application.
However, the impact is considered low, and there is no impact on the confidentiality of the data.
Can you explain this vulnerability to me?
This vulnerability is caused by insufficient Cross-Site Request Forgery (CSRF) protection in the SAP BusinessObjects Business Intelligence Platform. It allows an authenticated user to be tricked by an attacker into sending unintended requests to the web server.
The vulnerability has a low impact on the integrity and availability of the application and does not affect the confidentiality of the data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability involves insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform, allowing an authenticated user to be tricked into sending unintended requests. It has low impact on integrity and availability, and no impact on confidentiality of data.
Since there is no impact on data confidentiality, the vulnerability is less likely to directly violate data protection requirements under standards like GDPR or HIPAA, which primarily focus on protecting personal and sensitive data confidentiality and privacy.
However, the low impact on integrity and availability could still pose some risk to compliance if it affects the reliability or correctness of data processing, but the provided information does not specify any direct compliance violations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, it is recommended to apply the latest security patches provided by SAP for the BusinessObjects Business Intelligence Platform.
Regularly review SAP Security Notes and updates to ensure your system is protected against known vulnerabilities.
Implement additional security measures such as validating user requests to prevent Cross-Site Request Forgery (CSRF) attacks.