{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T18:49:17.650","vulnerabilities":[{"cve":{"id":"CVE-2026-0508","sourceIdentifier":"cna@sap.com","published":"2026-02-10T04:16:02.187","lastModified":"2026-02-17T16:06:15.913","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled domain and subsequently download the malicious content. This vulnerability has a high impact on the confidentiality and integrity of the application, with no effect on the availability of the application."},{"lang":"es","value":"La plataforma SAP BusinessObjects Business Intelligence permite a un atacante autenticado con privilegios elevados insertar una URL maliciosa dentro de la aplicación. Tras una explotación exitosa, la víctima podría hacer clic en esta URL maliciosa, lo que resultaría en una redirección no validada a un dominio controlado por el atacante y, posteriormente, la descarga de contenido malicioso. Esta vulnerabilidad tiene un alto impacto en la confidencialidad y la integridad de la aplicación, sin ningún efecto en la disponibilidad de la aplicación."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":5.8}]},"weaknesses":[{"source":"cna@sap.com","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:enterprise:*:*:*","matchCriteriaId":"8354981E-4A5F-4E5E-AF3A-283D5922DF90"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2025:*:*:*:enterprise:*:*:*","matchCriteriaId":"CEEB4426-D0A6-40D4-B053-8A47E8E0700D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2027:*:*:*:enterprise:*:*:*","matchCriteriaId":"C532D05D-B06C-4BAB-84D1-5127F3A78977"}]}]}],"references":[{"url":"https://me.sap.com/notes/3674246","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com","tags":["Vendor Advisory"]}]}}]}