CVE-2026-0490

7.5 HIGH

Published 2026-02-10 · Modified 2026-02-10 · Received

Quick Summary

A flaw in SAP BusinessObjects BI Platform allows an unauthenticated attacker on the network to send a specially crafted request that blocks legitimate users from logging in. This causes a denial-of-service by breaking the authentication system.

Who is affected

All unpatched SAP BusinessObjects BI Platform instances accessible over a network are affected. An attacker can disrupt business operations by preventing all authorized users from accessing the platform.

Recommended fix

Apply the relevant SAP Security Note or patch provided by SAP. As an immediate mitigation, restrict network access to the platform's trusted endpoints if possible.

Technical Description

SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks authentication, preventing legitimate users from accessing the platform. As a result, it has a high impact on availability but no impact on confidentiality or integrity.

CVSS Details

Attack Vector: NETWORK

Complexity: LOW

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-862

References