Description
Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information. This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application.
Published: 2026-06-09
Score: 3.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an unauthorized attacker to reach a specific endpoint within the SAP Business Objects application and obtain sensitive information. This results in a low-level compromise of confidentiality, while integrity and availability remain unaffected. The weakness arises from a security misconfiguration (CWE-497). The likely attack vector is inferred to be an unauthenticated or poorly authenticated HTTP request to the misconfigured endpoint, because the description states the attacker must access a particular endpoint that is not properly protected.

Affected Systems

This issue affects the SAP Business Objects product from SAP. No specific versions are listed in the CNA data, so any deployment of SAP Business Objects that includes the affected endpoint could potentially be vulnerable.

Risk and Exploitability

The CVSS score of 3.7 classifies the risk as low, and the vulnerability is not listed in the CISA KEV catalog. Because EPSS data is not available, the likelihood of exploitation cannot be quantified, but the need to access a particular endpoint suggests that an attacker would first need to bypass normal authentication controls or exploit a misconfiguration that allows unauthenticated requests. Given the limited scope and low confidentiality impact, the overall risk to an organization is modest, although the presence of misconfigured endpoints should be remedied promptly.

Generated by OpenCVE AI on June 9, 2026 at 03:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the SAP Note 3706000 patch, or upgrade to the latest release that rectifies the misconfigured endpoint.
  • Configure firewalls or application controls to prevent unauthenticated requests to the affected endpoint, ensuring that only authorized users can access it.
  • Monitor access logs for attempts to reach the vulnerable endpoint and investigate any unauthorized activity.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 14:30:00 +0000

Type: Metrics
Values Removed:
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 09:00:00 +0000

Type: First Time appeared
Values Removed:
Values Added: Sap; Sap business Objects

Type: Vendors & Products
Values Removed:
Values Added: Sap; Sap business Objects

Tue, 09 Jun 2026 01:15:00 +0000

Type: Description
Values Removed:
Values Added: Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information. This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application.

Type: Title
Values Removed:
Values Added: Security Misconfiguration vulnerability in SAP Business Objects

Type: Weaknesses
Values Removed:
Values Added: CWE-497

Type: References
Values Removed:
Values Added:

Type: Metrics
Values Removed:
Values Added: cvssV3_1 {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: sap

Published:

Updated: 2026-06-09T13:20:46.186Z

Reserved: 2026-05-07T18:16:34.194Z

Link: CVE-2026-44743

Vulnrichment

Updated: 2026-06-09T13:20:42.467Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T01:16:46.187

Modified: 2026-06-09T02:08:28.150

Link: CVE-2026-44743

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T08:45:37Z

Weaknesses