CVE-2026-0485

CWE-4053 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 81.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects BI Platform SAP Businessobjects Business Intelligence Platform

Timeline

PublishedFeb 10

Description

SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering the CMS completely unavailable. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sap_se/sap_businessobjects_bi_platform2025, 2027, ENTERPRISE 430+2

▶NVDsap/businessobjects_business_intelligence_platform2025, 2027, 430+2

🔴Vulnerability Details

GHSA

GHSA-97xg-2mgm-r8gr: SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (↗2026-02-10

▶

CVEList

Denial of service (DOS) vulnerability in SAP BusinessObjects BI Platform↗2026-02-10

▶