CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-0060: Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform

6.5 CVSS

Description

SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this information to impersonate as a high privileged user causing high impact on confidentiality and integrity of the application.

Classification

CVE ID: CVE-2025-0060

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.5

Affected Products

Vendor: SAP_SE

Product: SAP BusinessObjects Business Intelligence Platform

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (scored less or equal to compared to others)

EPSS Date: 2025-02-12 (when was this score calculated)

References

https://me.sap.com/notes/3474398
https://url.sap/sapsecuritypatchday

Timeline

2025-01-15 00:30:47 UTC
CVE

Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform