Description
Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiality of the data.
Published: 2026-05-12
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an insufficient CSRF protection in the SAP BusinessObjects Business Intelligence Platform. An attacker could trick an authenticated user into sending unintended requests to the web server. The impact is limited to integrity and availability, with no effect on confidentiality.

Affected Systems

The affected platform is SAP BusinessObjects Business Intelligence Platform, as identified by SAP SE. Specific version details are not listed in the current entry.

Risk and Exploitability

The CVSS score of 5.4 indicates a moderate severity. EPSS information is not available, and the issue is not currently listed in the CISA KEV catalog. The likely attack vector is through web‑based, cross‑site requests where an authenticated user’s session is exploited, requiring the victim to be logged in and authorized to perform the desired actions.

Generated by OpenCVE AI on May 12, 2026 at 04:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply SAP Security Patch Note 3667593 to restore CSRF protection.
  • Verify that the application enforces CSRF tokens and same‑origin policy for state‑changing requests.
  • If the patch cannot be applied immediately, limit user permissions or disable cross‑site request capabilities while monitoring for suspicious activity.

Generated by OpenCVE AI on May 12, 2026 at 04:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 05:45:00 +0000

Type Values Removed Values Added
First Time appeared Sap Se
Sap Se sap Business Objects Business Intelligence Platform
Vendors & Products Sap Se
Sap Se sap Business Objects Business Intelligence Platform

Tue, 12 May 2026 03:00:00 +0000

Type Values Removed Values Added
Description Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiality of the data.
Title Cross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L'}

Subscriptions

Sap Se Sap Business Objects Business Intelligence Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published:

Updated: 2026-05-12T13:04:41.328Z

Reserved: 2025-12-09T22:06:42.932Z

Link: CVE-2026-0502

cve-icon Vulnrichment

Updated: 2026-05-12T13:04:37.913Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-12T03:16:10.480

Modified: 2026-05-12T14:19:41.400

Link: CVE-2026-0502

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T05:30:08Z

Weaknesses