CVE-2025-25245

Medium CVSS: 5.4

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On successful exploitation, there could be a limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability.

Vendor

Sap

Product

Businessobjects Business Intelligence Platform

CWE

CWE-79

Yayın Tarihi

2025-03-11 01:15:35

Güncelleme

2025-10-24 18:41:16

Source Identifier

cna@sap.com

KEV Date Added

Kategoriler

CWE-79 Businessobjects Business Intelligence Platform MEDIUM Sap 2025

Referanslar

https://me.sap.com/notes/3557469 https://url.sap/sapsecuritypatchday

Benzer Kayıtlar

Medium

CVE-2026-24314

Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which…

Medium

CVE-2026-24327

Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages),…

Medium

CVE-2026-24328

SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when cli…

Medium

CVE-2026-24325

SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripti…

Medium

CVE-2026-24326

Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker w…

Medium

CVE-2026-24321

SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these op…