MEDIUM Severity · CVSS 3.1: 5.4 · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CVE-2026-0502
Last updated May 12, 2026 · Published May 12, 2026
Description
Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform, an authenticated user could be tricked by an attacker into sending unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiality of the data.
Affected products
1 listed
- SAP_SE:SAP BusinessObjects Business Intelligence Platform
Mappings
CWE
CWE-352
CAPEC
None listed.
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use.
