CVE-2026-0502— Cross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform
Affected Version Matrix 3
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP BusinessObjects Business Intelligence Platform | ENTERPRISE 430 | affected |
2025 | affected | ||
2027 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-0502
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform
Source: NVD (National Vulnerability Database)
Vulnerability Description
Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiality of the data.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP BusinessObjects Business Intelligence Platform 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP BusinessObjects Business Intelligence Platform是德国思爱普(SAP)公司的一款完备的商务分析平台。该平台集市场领先的 SAP 数据整合产品、数据管理产品和商务智能 (BI) 产品于一身,可消除系统集成难题,快速、轻松地部署高性能的商务分析软件。 SAP BusinessObjects Business Intelligence Platform存在跨站请求伪造漏洞,该漏洞源于CSRF保护不足,可能导致经过身份验证的用户被攻击者欺骗向Web服务器发送意外
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SAP_SE | SAP BusinessObjects Business Intelligence Platform | ENTERPRISE 430 | - |
II. Public POCs for CVE-2026-0502
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-0502
请登录查看更多情报信息。
Same Patch Batch · SAP_SE · 2026-05-12 · 14 CVEs total
| CVE-2026-34263 | 9.6 CRITICAL | Missing authentication check in SAP Commerce cloud configuration |
| CVE-2026-34260 | 9.6 CRITICAL | SQL injection vulnerability in SAP S/4HANA (SAP Enterprise Search for ABAP) |
| CVE-2026-34259 | 8.2 HIGH | OS Command Injection Vulnerability in SAP Forecasting & Replenishment |
| CVE-2026-40135 | 6.5 MEDIUM | OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP P |
| CVE-2026-40133 | 6.3 MEDIUM | Missing Authorization check in SAP S/4HANA Condition Maintenance |
| CVE-2026-40137 | 6.1 MEDIUM | Cross-Site Scripting (XSS) vulnerability in Business Server Pages Application (TAF_APPLAUN |
| CVE-2026-40132 | 5.4 MEDIUM | Missing Authorization Check in SAP Strategic Enterprise Management (BSP application Balanc |
| CVE-2026-27682 | 4.7 MEDIUM | Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABA |
| CVE-2026-34258 | 4.7 MEDIUM | Content Spoofing vulnerability in SAPUI5 (Search UI) |
| CVE-2026-40136 | 4.3 MEDIUM | Denial of service (DoS) in SAP Financial Consolidation |
| CVE-2026-40129 | 4.3 MEDIUM | Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Pla |
| CVE-2026-40134 | 4.3 MEDIUM | Missing Authorization Check in SAP Incentive and Commission Management |
| CVE-2026-40131 | 3.4 LOW | SQL Injection vulnerability in SAP HANA Deployment Infrastructure (HDI) deploy library |
IV. Related Vulnerabilities
Same product: SAP BusinessObjects Business Intelligence Platform
- CVE-2026-27683
Reflected cross site scripting vulnerability in SAP Business - CVE-2026-24318
Insecure Session Management vulnerability in SAP BusinessObj - CVE-2026-0508
Open Redirect vulnerability in SAP BusinessObjects Business - CVE-2025-42896
Server-Side Request Forgery (SSRF) in SAP BusinessObjects Bu - CVE-2025-31332
Insecure File permissions vulnerability in SAP BusinessObjec
Same vendor: SAP_SE
- CVE-2026-27680
CSS Injection vulnerability in SAP NetWeaver Application Ser - CVE-2026-40137
Cross-Site Scripting (XSS) vulnerability in Business Server - CVE-2026-40136
Denial of service (DoS) in SAP Financial Consolidation - CVE-2026-40135
OS Command Injection vulnerability in SAP NetWeaver Applicat - CVE-2026-40134
Missing Authorization Check in SAP Incentive and Commission
Same weakness: CWE-352
V. Comments for CVE-2026-0502
No comments yet