Zero Day MonitorZDM

← Back to list

4.1

CVE-2026-27683EXPLOITED

sap · sap businessobjects business intelligence platform

Reflected cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform

Description

SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user�s browser, potentially exposing restricted information. This results in a low impact on confidentiality with no impact on integrity and availability.

Affected Products

Vendor	Product	Versions
sap	sap businessobjects business intelligence platform	ENTERPRISE 430, 2025, 2027

References

Related News (1 articles)

Tier C

VulDB16h ago

CVE-2026-27683 | SAP BusinessObjects Business Intelligence Platform 2025/2027/ENTERPRISE 430 cross site scripting

→ No new info (linked only)

CVSS 3.14.1 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-79

PublishedApr 14, 2026

Last enriched15h agov2

Trending Score40

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-27681EXP

SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse

MEDIUMCVE-2026-27674EXP

Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)

LOWCVE-2026-27675EXP

Code Injection vulnerability in SAP Landscape Transformation

HIGHCVE-2026-34256

Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)

MEDIUMCVE-2026-24318

Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 14, 2026

Discovered by ZDM

Apr 14, 2026

Updated: description, activelyExploited

Apr 14, 2026

Actively Exploited

Apr 14, 2026

Version History

v2

Last enriched 15h ago

v2Tier C15h ago

Updated description with new details about the vulnerability and marked it as actively exploited.

descriptionactivelyExploited

via VulDB

v121h ago

Initial creation