← voltar
CVE-2026-0508

Open Redirect vulnerability in SAP BusinessObjects Business Intelligence Platform

CVSS 7.3 HIGHEPSS 0.3%CWE-601
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
10 fev 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled domain and subsequently download the malicious content. This vulnerability has a high impact on the confidentiality and integrity of the application, with no effect on the availability of the application.
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
Produtos afetados
SAP_SE · SAP BusinessObjects Business Intelligence Platform

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://me.sap.com/notes/3674246https://url.sap/sapsecuritypatchday