SAP Businessobjects Bi Platform
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in SAP Businessobjects Bi Platform.
By the Year
In 2026 there have been 2 vulnerabilities in SAP Businessobjects Bi Platform with an average score of 7.5 out of ten. Businessobjects Bi Platform did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 7.50 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 5.40 |
| 2018 | 3 | 5.83 |
It may take a day or so for new Businessobjects Bi Platform vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SAP Businessobjects Bi Platform Security Vulnerabilities
Availability outage in SAP BO BI Platform via Trusted Endpoint auth bypass
CVE-2026-0490
7.5 - High
- February 10, 2026
SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impact on the availability but no impact on the confidentiality and integrity.
AuthZ
Unauthenticated CMS Crash (CVE-2026-0485) in SAP BusinessObjects BI Platform
CVE-2026-0485
7.5 - High
- February 10, 2026
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering the CMS completely unavailable. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.
Amplification
SAP WebIntelligence BILaunchPad
CVE-2019-0262
5.4 - Medium
- February 15, 2019
SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability.
XSS
SAP BusinessObjects Business Intelligence Platform (BIWorkspace)
CVE-2018-2479
6.1 - Medium
- November 13, 2018
SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
XSS
In the Software Development Kit in SAP BusinessObjects BI Platform Servers
CVE-2018-2467
5.3 - Medium
- October 09, 2018
In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server.
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs
CVE-2018-2472
6.1 - Medium
- October 09, 2018
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for SAP Businessobjects Bi Platform or by SAP? Click the Watch button to subscribe.
