Denial of service (DOS) vulnerability in SAP BusinessObjects BI Platform

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering the CMS completely unavailable. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.

Basic Information

ID CVE-2026-0485

Source sap

Published Feb 10, 2026 at 03:00

Affected Product

Vendor SAP_SE

Product SAP BusinessObjects BI Platform

Version ENTERPRISE 430

Affected Versions SAP_SE SAP BusinessObjects BI Platform ENTERPRISE 430
SAP_SE SAP BusinessObjects BI Platform 2025
SAP_SE SAP BusinessObjects BI Platform 2027

CWE Classification

CWE-405

References

{
    "lastseen": "",
    "description": "SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering the CMS completely unavailable. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.",
    "published": "2026-02-10T03:00:49.421Z",
    "modified": "2026-02-10T03:00:49.421Z",
    "type": "cve",
    "title": "Denial of service (DOS) vulnerability in SAP BusinessObjects BI Platform",
    "source": "sap",
    "references": "https://me.sap.com/notes/3678282\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2026-0485",
    "bulletinFamily": "",
    "cwe": [
        "CWE-405"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP BusinessObjects BI Platform ENTERPRISE 430\nSAP_SE SAP BusinessObjects BI Platform 2025\nSAP_SE SAP BusinessObjects BI Platform 2027",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP BusinessObjects BI Platform",
    "version": "ENTERPRISE 430",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Denial of service (DOS) vulnerability in SAP BusinessObjects BI Platform_CVE-2026-0485