CVE-2026-0502 PUBLISHED

Cross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform

Assigner: sap
Reserved: 09.12.2025 Published: 12.05.2026 Updated: 12.05.2026

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiality of the data.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CVSS Score: 5.4

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	Low
User Interaction	Required	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	SAP BusinessObjects Business Intelligence Platform
Versions	Default: unaffected Version ENTERPRISE 430 is affected Version 2025 is affected Version 2027 is affected

CVE-2026-0502 PUBLISHED

Cross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform

Metrics

Product Status

References

Problem Types