CVE-2025-0061

Published Jan 14, 2025

Last updated 8 days ago

CVSS high 8.7

Overview

Description: SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. Attacker can access and modify all the data of the application.
Source: cna@sap.com
NVD status: Analyzed
Products: businessobjects_business_intelligence_platform

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: CRITICAL

Weaknesses

cna@sap.com: CWE-497

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:420:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8F5EEB7-5ED5-4887-9691-0455B54A74C5"
          },
          {
            "criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AA1BB94-FF0C-4D4D-A8EC-F0D8505B966C"
          },
          {
            "criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2025:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12840D95-CE8E-40FB-9B73-DEBF78384B30"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References