Description
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering the CMS completely unavailable. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.
Published: 2026-02-10
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

SAP BusinessObjects BI Platform exposes a Content Management Server component that can be targeted by an unauthenticated attacker through specially crafted requests. These requests trigger a crash, causing the server to automatically restart. When the attacker repeats the attack, the CMS can be forced into a repeated crash‑restart loop, leading to a persistent outage. The vulnerability has a high impact on availability, while confidentiality and integrity remain unaffected.

Affected Systems

The affected product is SAP BusinessObjects BI Platform. Version information inferred from the listed CPE entries indicates the vulnerability exists in versions 2025, 2027, and 430 of the platform, each listed with the Enterprise edition qualifier. No other versions are explicitly identified as affected.

Risk and Exploitability

The CVSS score of 7.5 classifies this defect as high severity, and the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Attackers can exploit the flaw remotely with no authentication, from any network able to reach the CMS endpoints. Successful exploitation results in denial of service and prolonged unavailability of the platform.

Generated by OpenCVE AI on April 17, 2026 at 21:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch for SAP BusinessObjects BI Platform as provided in SAP Security Patch Day (see note 3678282).
  • If patching cannot occur immediately, restrict external access to the Content Management Server by configuring firewall rules to allow only trusted IP addresses.
  • Configure alerts and monitor system logs for repeated request patterns or abnormal traffic that may indicate an ongoing denial‑of‑service attempt.

Advisories

No advisories yet.

History

Tue, 17 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Sap businessobjects Business Intelligence Platform
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2025:*:*:*:enterprise:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2027:*:*:*:enterprise:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:enterprise:*:*:*
Vendors & Products Sap businessobjects Business Intelligence Platform

Tue, 10 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Feb 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Sap
Sap businessobjects Bi Platform
Vendors & Products Sap
Sap businessobjects Bi Platform

Tue, 10 Feb 2026 03:45:00 +0000

Type Values Removed Values Added
Description SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering the CMS completely unavailable. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.
Title Denial of service (DOS) vulnerability in SAP BusinessObjects BI Platform
Weaknesses CWE-405
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: sap

Published:

Updated: 2026-02-10T15:13:19.015Z

Reserved: 2025-12-09T22:06:29.196Z

Link: CVE-2026-0485

Vulnrichment

Updated: 2026-02-10T15:13:13.097Z

NVD

Status : Analyzed

Published: 2026-02-10T04:16:01.387

Modified: 2026-02-17T16:11:42.843

Link: CVE-2026-0485

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T21:15:27Z

Weaknesses