CVE-2026-0490 — Missing Authorization in SE SAP Businessobjects BI Platform

CWE-862 — Missing Authorization3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 70.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects BI Platform SAP Businessobjects Business Intelligence Platform

Timeline

PublishedFeb 10

Description

SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impact on the availability but no impact on the confidentiality and integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sap_se/sap_businessobjects_bi_platform2025, 2027, ENTERPRISE 430+2

▶NVDsap/businessobjects_business_intelligence_platform2025, 2027, 430+2

🔴Vulnerability Details

CVEList

Denial of service (DOS) in SAP BusinessObjects BI Platform↗2026-02-10

▶

GHSA

GHSA-chrf-wqq3-mxvp: SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authent↗2026-02-10

▶