Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application.
AnalysisAI
SAP Business Objects exposes sensitive information through a specific network-accessible endpoint when high-complexity preconditions are met, exploitable by unauthenticated remote attackers. Classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere), the flaw carries a CVSS score of 3.7 (Low) with impact limited strictly to partial confidentiality loss - integrity and availability are unaffected. No public exploit has been identified at time of analysis, and no active exploitation has been confirmed.
Technical ContextAI
SAP Business Objects is SAP's enterprise business intelligence and analytics platform, widely deployed in large-scale enterprise environments. The root cause is CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere - meaning the application inadvertently returns internal system data (such as configuration details, internal paths, or application state) through a specific endpoint response under triggerable conditions. The CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) confirms the vulnerability is reachable over the network without authentication, but requires high attack complexity to trigger, implying specific environmental, temporal, or application-state prerequisites. No CPE strings were provided in the available intelligence; exact affected component versions must be resolved via SAP Security Note 3706000.
RemediationAI
Apply the fix detailed in SAP Security Note 3706000 (https://me.sap.com/notes/3706000), following SAP's Security Patch Day guidance at https://url.sap/sapsecuritypatchday. The exact patched version number is not specified in the available intelligence data and must be retrieved directly from the SAP Note for your specific deployment version. As a compensating control while patching, restrict network-level access to the identified vulnerable endpoint via firewall rules or reverse-proxy access controls - note this may impact legitimate users if the endpoint is used in normal business workflows, so validate the endpoint's operational purpose before blocking. Given the low CVSS score and high attack complexity, this item can be addressed within a standard SAP patch cycle batch unless co-remediation with higher-severity SAP patches released on the same patch day is feasible.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35280
GHSA-h8fg-cpvm-r33f