Server-Side Request Forgery (SSRF) in SAP BusinessObjects Business Intelligence Platform

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Description

SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrity, and no impact to availability.

Basic Information

ID CVE-2025-42896

Source sap

Published Dec 9, 2025 at 02:15

Affected Product

Vendor SAP_SE

Product SAP BusinessObjects Business Intelligence Platform

Version ENTERPRISE 430

Affected Versions SAP_SE SAP BusinessObjects Business Intelligence Platform ENTERPRISE 430
SAP_SE SAP BusinessObjects Business Intelligence Platform 2025
SAP_SE SAP BusinessObjects Business Intelligence Platform 2027

CWE Classification

CWE-116

References

{
    "lastseen": "",
    "description": "SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrity, and no impact to availability.",
    "published": "2025-12-09T02:15:28.146Z",
    "modified": "2025-12-09T02:15:28.146Z",
    "type": "cve",
    "title": "Server-Side Request Forgery (SSRF) in SAP BusinessObjects Business Intelligence Platform",
    "source": "sap",
    "references": "https://me.sap.com/notes/3651390\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42896",
    "bulletinFamily": "",
    "cwe": [
        "CWE-116"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP BusinessObjects Business Intelligence Platform ENTERPRISE 430\nSAP_SE SAP BusinessObjects Business Intelligence Platform 2025\nSAP_SE SAP BusinessObjects Business Intelligence Platform 2027",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP BusinessObjects Business Intelligence Platform",
    "version": "ENTERPRISE 430",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Server-Side Request Forgery (SSRF) in SAP BusinessObjects Business Intelligence Platform_CVE-2025-42896