Vulnerability in SAP BusinessObjects Central Management Console Allows User Impersonation
CVE-2025-0064

8.7HIGH

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform (central Management Console)
Vendor: CVE Published:; 11 February 2025

Summary

The Central Management Console of the SAP BusinessObjects Business Intelligence platform presents a vulnerability where an authenticated attacker with administrative privileges can generate or retrieve a secret passphrase. This flaw potentially allows the attacker to impersonate any user within the system, threatening the confidentiality and integrity of user data without affecting system availability. Immediate remediation is advised to prevent unauthorized access.

Affected Version(s)

SAP BusinessObjects Business Intelligence platform (Central Management Console) ENTERPRISE 430

SAP BusinessObjects Business Intelligence platform (Central Management Console) 2025

References

https://me.sap.com/notes/3525794

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Dec 5, 2024