CVE-2026-0508

{"id": "CVE-2026-0508", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.7}]}, "published": "2026-02-10T04:16:02.187", "references": [{"url": "https://me.sap.com/notes/3674246", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled domain and subsequently download the malicious content. This vulnerability has a high impact on the confidentiality and integrity of the application, with no effect on the availability of the application."}, {"lang": "es", "value": "La plataforma SAP BusinessObjects Business Intelligence permite a un atacante autenticado con privilegios elevados insertar una URL maliciosa dentro de la aplicaci\u00f3n. Tras una explotaci\u00f3n exitosa, la v\u00edctima podr\u00eda hacer clic en esta URL maliciosa, lo que resultar\u00eda en una redirecci\u00f3n no validada a un dominio controlado por el atacante y, posteriormente, la descarga de contenido malicioso. Esta vulnerabilidad tiene un alto impacto en la confidencialidad y la integridad de la aplicaci\u00f3n, sin ning\u00fan efecto en la disponibilidad de la aplicaci\u00f3n."}], "lastModified": "2026-02-17T16:06:15.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "8354981E-4A5F-4E5E-AF3A-283D5922DF90"}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2025:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CEEB4426-D0A6-40D4-B053-8A47E8E0700D"}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2027:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "C532D05D-B06C-4BAB-84D1-5127F3A78977"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}