Description
SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrity, and no impact to availability.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- SAP_SE / SAP BusinessObjects Business Intelligence PlatformENTERPRISE 430 – ENTERPRISE 430
- SAP_SE / SAP BusinessObjects Business Intelligence Platform2025 – 2025
- SAP_SE / SAP BusinessObjects Business Intelligence Platform2027 – 2027