CVE-2025-0061
📋 TL;DR
SAP BusinessObjects Business Intelligence Platform has an information disclosure vulnerability that allows unauthenticated attackers to hijack user sessions over the network without user interaction. This enables attackers to access and modify all application data. All organizations running vulnerable versions of SAP BusinessObjects BI Platform are affected.
💻 Affected Systems
- SAP BusinessObjects Business Intelligence Platform
📦 What is this software?
BusinessObjects Business Intelligence Platform by SAP
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the SAP BusinessObjects environment, allowing attackers to steal sensitive business intelligence data, modify reports and dashboards, and potentially pivot to other systems.
Likely Case
Unauthorized access to business intelligence data, manipulation of reports and analytics, and potential data exfiltration.
If Mitigated
Limited impact if network segmentation prevents external access and proper authentication controls are in place.
🎯 Exploit Status
The vulnerability requires no authentication and no user interaction, making exploitation straightforward for attackers with network access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check SAP Note 3474398 for specific patch versions
Vendor Advisory: https://me.sap.com/notes/3474398
Restart Required: Yes
Instructions:
1. Review SAP Note 3474398 for specific patch details.
2. Download the appropriate security patch from the SAP Support Portal.
3. Apply the patch following SAP's standard patching procedures.
4. Restart affected services.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to SAP BusinessObjects servers to trusted networks and required users only
Web Application Firewall Rules
Implement WAF rules to detect and block session hijacking attempts
🧯 If You Can't Patch
- Implement strict network access controls to limit exposure to trusted IP addresses only
- Monitor for unusual session activity and implement enhanced logging for authentication events
🔍 How to Verify
Check if Vulnerable:
Check SAP BusinessObjects version against affected versions listed in SAP Note 3474398
Check Version:
Check version through SAP BusinessObjects Central Management Console or consult SAP documentation for version checking commands
Verify Fix Applied:
Verify patch installation through SAP's patch management tools and confirm version is updated beyond vulnerable versions
📡 Detection & Monitoring
Log Indicators:
- Multiple failed authentication attempts followed by successful login from same IP
- Session IDs being used from unexpected IP addresses
- Unusual access patterns to sensitive reports
Network Indicators:
- Unusual network traffic to SAP BusinessObjects ports from unauthorized sources
- Session token interception attempts
SIEM Query:
source="sap-businessobjects" AND (event_type="session_hijack" OR (auth_failure AND auth_success FROM same_ip) OR session_ip_change)
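The two log indicators above (a session ID reused from a second IP address, and a burst of authentication failures followed by a success from the same IP) implemented as offline detection logic over constructed sample events. This is an added example, not part of the original advisory or SAP's tooling; the event field names and the sample records are assumptions, not SAP's actual log format.

```python
from collections import defaultdict

# Constructed sample events (assumed field names; not real SAP BusinessObjects log output).
# ts = ordering key, event = auth_failure | auth_success | report_access, session = session ID or None.
SAMPLE_EVENTS = [
    {"ts": 1, "user": "alice", "event": "auth_failure", "ip": "10.0.0.5", "session": None},
    {"ts": 2, "user": "alice", "event": "auth_failure", "ip": "10.0.0.5", "session": None},
    {"ts": 3, "user": "alice", "event": "auth_failure", "ip": "10.0.0.5", "session": None},
    {"ts": 4, "user": "alice", "event": "auth_success", "ip": "10.0.0.5", "session": "S1"},
    {"ts": 5, "user": "alice", "event": "report_access", "ip": "10.0.0.5", "session": "S1"},
    # Same session token, different client address: the "session ID from unexpected IP" indicator.
    {"ts": 6, "user": "alice", "event": "report_access", "ip": "203.0.113.9", "session": "S1"},
    {"ts": 7, "user": "bob", "event": "auth_failure", "ip": "10.0.0.7", "session": None},
    {"ts": 8, "user": "bob", "event": "auth_success", "ip": "10.0.0.7", "session": "S2"},
    {"ts": 9, "user": "bob", "event": "report_access", "ip": "10.0.0.7", "session": "S2"},
]


def sessions_with_multiple_ips(events):
    """Map session ID -> sorted list of IPs, for sessions observed from more than one IP."""
    ips_by_session = defaultdict(set)
    for e in events:
        if e["session"]:
            ips_by_session[e["session"]].add(e["ip"])
    return {s: sorted(ips) for s, ips in ips_by_session.items() if len(ips) > 1}


def failures_then_success(events, threshold=3):
    """List (ip, failure_count) where >= threshold consecutive failures from an IP
    were followed by a successful login from that same IP. The counter resets on success."""
    failures = defaultdict(int)
    hits = []
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["event"] == "auth_failure":
            failures[e["ip"]] += 1
        elif e["event"] == "auth_success":
            if failures[e["ip"]] >= threshold:
                hits.append((e["ip"], failures[e["ip"]]))
            failures[e["ip"]] = 0
    return hits


def detect(events, threshold=3):
    """Combine both indicators into one alert dictionary for a SIEM or reviewer."""
    return {
        "session_ip_change": sessions_with_multiple_ips(events),
        "failures_then_success": failures_then_success(events, threshold),
    }


if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Bob's single failure stays below the threshold and raises nothing, while session S1 is flagged for the address change and 10.0.0.5 for three failures before success.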