CVE-2026-0502
Insufficient CSRF Protection in SAP BusinessObjects BI Platform
Publication date: 2026-05-12
Last updated on: 2026-05-12
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | businessobjects_business_intelligence_platform | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
An attacker could exploit this vulnerability to cause an authenticated user to unknowingly send unintended requests to the web server, potentially altering the integrity and availability of the application.
However, the impact is considered low, and there is no impact on the confidentiality of the data.
Can you explain this vulnerability to me?
This vulnerability is caused by insufficient Cross-Site Request Forgery (CSRF) protection in the SAP BusinessObjects Business Intelligence Platform. It allows an authenticated user to be tricked by an attacker into sending unintended requests to the web server.
The vulnerability has a low impact on the integrity and availability of the application and does not affect the confidentiality of the data.