JavaScript Injection Vulnerability in SAP BusinessObjects Business Intelligence
CVE-2026-27683

4.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-27683?

The SAP BusinessObjects Business Intelligence application is susceptible to a JavaScript injection vulnerability, which allows an authenticated attacker to craft malicious URLs. When a victim clicks on the provided URL, the embedded script executes within their browser, potentially compromising user confidentiality by exposing restricted information. Although this vulnerability poses a minimal risk to the integrity and availability of the system, it highlights the necessity for robust security measures to mitigate such exploits.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform ENTERPRISE 430

SAP BusinessObjects Business Intelligence Platform 2025

SAP BusinessObjects Business Intelligence Platform 2027

References

https://me.sap.com/notes/3698216

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Feb 23, 2026

CVE-2026-27683 Data

JSON