Description
SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. Attacker can access and modify all the data of the application.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None
Affected products
- SAP_SE / SAP BusinessObjects Business Intelligence PlatformENTERPRISE 420 – ENTERPRISE 420
- SAP_SE / SAP BusinessObjects Business Intelligence Platform430 – 430
- SAP_SE / SAP BusinessObjects Business Intelligence Platform2025 – 2025