CVE-2025-0064 – SAP BusinessObjects Business Intelligence Impersonation Token Generation

The following table lists the changes that have been made to the CVE-2025-0064 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Feb. 11, 2025

    Action Type Old Value New Value
    Added Description Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high impact on confidentiality and integrity, with no impact on availability.
    Added CVSS V3.1 AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
    Added CWE CWE-732
    Added Reference https://me.sap.com/notes/3525794
    Added Reference https://url.sap/sapsecuritypatchday

نوشته های مشابه

CVE-2024-27859 – Apple Web Content Arbitrary Code Execution Vulnerability

CVE-2025-26410 – Wattsense Bridge Hard-Coded Credentials Disclosure

CVE-2025-26411 – Wattsense Bridge Remote Code Execution Vulnerability

CVE-2024-45386 – Siemens SIMATIC PCS neo Session Hijacking Vulnerability