CVE-2026-0502

MEDIUM 5.4

Cross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

0th

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiality of the data.

Vendor	sap_se
Product	sap businessobjects business intelligence platform
Published	May 12, 2026
Last Updated	May 12, 2026

Stay Ahead of the Next One

Get instant alerts for sap_se sap businessobjects business intelligence platform

Be the first to know when new medium vulnerabilities affecting sap_se sap businessobjects business intelligence platform are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Affected Versions

SAP_SE / SAP BusinessObjects Business Intelligence Platform

ENTERPRISE 430 2025 2027

References

NVD ↗ CVE.org ↗ EPSS Data ↗

me.sap.com: https://me.sap.com/notes/3667593 url.sap: https://url.sap/sapsecuritypatchday