HIGH✓ PATCH🇬🇧 English

CVE-2026-0485

CVSS 7.5v3.1pub. 2026-02-10upd. 2026-02-17

SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering the CMS completely unavailable. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Sap Businessobjects Business Intelligence Platform

    APP
    Sap
    20252027430
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2023-0022CRITICAL9.9ten sam produkt

SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject...

CVE-2023-0018CRITICAL10.0ten sam produkt

Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platf...

CVE-2020-26831CRITICAL9.6ten sam produkt

SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate upl...

CVE-2020-6294CRITICAL9.1ten sam produkt

Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not pe...

CVE-2020-6242CRITICAL9.8ten sam produkt

SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, all...