CVE-2026-0502
Received Received - Intake
Insufficient CSRF Protection in SAP BusinessObjects BI Platform

Publication date: 2026-05-12

Last updated on: 2026-05-12

Assigner: SAP SE

Description
Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiality of the data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-12
Last Modified
2026-05-12
Generated
2026-06-21
AI Q&A
2026-05-12
EPSS Evaluated
2026-06-20
NVD
CVE-2026-0502
EUVD
EUVD-2026-29369
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sap businessobjects_business_intelligence_platform *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

An attacker could exploit this vulnerability to cause an authenticated user to unknowingly send unintended requests to the web server, potentially altering the integrity and availability of the application.

However, the impact is considered low, and there is no impact on the confidentiality of the data.

Executive Summary

This vulnerability is caused by insufficient Cross-Site Request Forgery (CSRF) protection in the SAP BusinessObjects Business Intelligence Platform. It allows an authenticated user to be tricked by an attacker into sending unintended requests to the web server.

The vulnerability has a low impact on the integrity and availability of the application and does not affect the confidentiality of the data.

Compliance Impact

This vulnerability involves insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform, allowing an authenticated user to be tricked into sending unintended requests. It has low impact on integrity and availability, and no impact on confidentiality of data.

Since there is no impact on data confidentiality, the vulnerability is less likely to directly violate data protection requirements under standards like GDPR or HIPAA, which primarily focus on protecting personal and sensitive data confidentiality and privacy.

However, the low impact on integrity and availability could still pose some risk to compliance if it affects the reliability or correctness of data processing, but the provided information does not specify any direct compliance violations.

Mitigation Strategies

To mitigate this vulnerability, it is recommended to apply the latest security patches provided by SAP for the BusinessObjects Business Intelligence Platform.

Regularly review SAP Security Notes and updates to ensure your system is protected against known vulnerabilities.

Implement additional security measures such as validating user requests to prevent Cross-Site Request Forgery (CSRF) attacks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0502. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart