SAP BusinessObjects BI Platform: Authenticated URL Redirection to Malicious Site
CVE-2026-0508 Published on February 10, 2026
Open Redirect vulnerability in SAP BusinessObjects Business Intelligence Platform
The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled domain and subsequently download the malicious content. This vulnerability has a high impact on the confidentiality and integrity of the application, with no effect on the availability of the application.
Vulnerability Analysis
CVE-2026-0508 is exploitable with network access, requires user interaction and user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is an Open Redirect Vulnerability?
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.
CVE-2026-0508 has been classified to as an Open Redirect vulnerability or weakness.
Products Associated with CVE-2026-0508
Want to know whenever a new CVE is published for SAP Businessobjects Business Intelligence Platform? stack.watch will email you.
Affected Versions
SAP_SE SAP BusinessObjects Business Intelligence Platform:- Version ENTERPRISE 430 is affected.
- Version 2025 is affected.
- Version 2027 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.