CVE-2026-0490

Summary

SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impact on the availability but no impact on the confidentiality and integrity.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP BusinessObjects BI PlatformENTERPRISE 430affected
SAP_SESAP BusinessObjects BI Platform2025affected
SAP_SESAP BusinessObjects BI Platform2027affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References