CVE-2025-0064

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 81.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects Business Intelligence Platform (central Management Console)SAP Businessobjects Business Intelligence Platform

Timeline

PublishedFeb 11

Description

Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high impact on confidentiality and integrity, with no impact on availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:NExploitability: 2.3 | Impact: 5.8

Affected Packages2 packages

▶CVEListV5sap_se/sap_businessobjects_business_intelligence_platform_(central_management_console)2025, ENTERPRISE 430+1

▶NVDsap/businessobjects_business_intelligence_platform2025, 430+1

Patches

Patch: url.sap ↗

🔴Vulnerability Details

CVEList

Improper Authorization in SAP BusinessObjects Business Intelligence platform (Central Management Console)↗2025-02-11

▶

GHSA

GHSA-r7pm-3rhw-gv3g: Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin righ↗2025-02-11

▶