Cross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform
CVE-2026-0502

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-0502?

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiality of the data.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform ENTERPRISE 430

SAP BusinessObjects Business Intelligence Platform 2025

SAP BusinessObjects Business Intelligence Platform 2027

References

https://me.sap.com/notes/3667593

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Dec 9, 2025

CVE-2026-0502 Data

JSON