Description
SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impact on the availability but no impact on the confidentiality and integrity.
Published: 2026-02-10
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

SAP BusinessObjects BI Platform contains a vulnerability that permits an unauthenticated attacker to craft a specific network request to a trusted endpoint, causing the authentication mechanism to fail and preventing legitimate users from accessing the system. The weakness is a missing authorization check, classified as CWE-862. The result is a denial of service, while confidentiality and integrity remain unaffected.

Affected Systems

The affected products are SAP BusinessObjects BI Platform in its enterprise edition for versions 2025, 2027, and 430. No specific minor or patch levels are listed, implying that all releases of these major versions may be vulnerable.

Risk and Exploitability

The CVSS score of 7.5 categorizes this vulnerability as High. The EPSS score of less than 1% indicates that exploitation is currently unlikely. It is not listed in CISA's KEV catalog. The likely attack vector is from any network that can reach the trusted endpoint, as the vulnerability does not require authentication and can be triggered by a crafted request. A successful exploit would deny system availability and disrupt business operations.

Generated by OpenCVE AI on April 18, 2026 at 12:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the SAP security patch referenced in SAP Note 3654236 or any subsequent update that addresses the authentication failure in BusinessObjects BI Platform.
  • If a patch is not immediately available, restrict access to the trusted endpoint by implementing network segmentation or firewall rules that limit connections to trusted IP ranges only.
  • Monitor system logs for authentication failures and availability disruptions to detect any exploitation attempts.


Advisories

No advisories yet.

History

Tue, 17 Feb 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Sap businessobjects Business Intelligence Platform |
| CPEs | | cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2025:*:*:*:enterprise:*:*:* |
| | | cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2027:*:*:*:enterprise:*:*:* |
| | | cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:enterprise:*:*:* |
| Vendors & Products | | Sap businessobjects Business Intelligence Platform |

Tue, 10 Feb 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Tue, 10 Feb 2026 15:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Sap |
| | | Sap businessobjects Bi Platform |
| Vendors & Products | | Sap |
| | | Sap businessobjects Bi Platform |

Tue, 10 Feb 2026 03:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impact on the availability but no impact on the confidentiality and integrity. |
| Title | | Denial of service (DOS) in SAP BusinessObjects BI Platform |
| Weaknesses | | CWE-862 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'} |

MITRE

Status: PUBLISHED

Assigner: sap

Published:

Updated: 2026-02-10T16:34:13.825Z

Reserved: 2025-12-09T22:06:33.611Z

Link: CVE-2026-0490

Vulnrichment

Updated: 2026-02-10T16:34:09.559Z

NVD

Status: Analyzed

Published: 2026-02-10T04:16:01.873

Modified: 2026-02-17T16:06:59.097

Link: CVE-2026-0490

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T13:00:08Z

Weaknesses