PatchSiren cyber security CVE debrief
CVE-2026-44755 SAP_SE CVE debrief
CVE-2026-44755 is an email spoofing vulnerability in SAP Business Objects Business Intelligence Platform. The vulnerability occurs because the platform does not sufficiently validate email sending parameters supplied by authenticated users. This results in an attacker being able to send emails that appear to come from a legitimate source, potentially leading to phishing attacks or other malicious activities. The vulnerability has a CVSS score of 4.3, indicating a medium severity level. The impact on integrity is low, and there is no effect on confidentiality and availability of the application.
- Vendor
- SAP_SE
- Product
- SAP Business Objects Business Intelligence Platform
- CVSS
- MEDIUM 4.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-09
Who should care
Administrators and users of SAP Business Objects Business Intelligence Platform should be aware of this vulnerability and take necessary steps to mitigate it. This includes applying patches or updates provided by SAP, as well as monitoring email activity for suspicious behavior.
Technical summary
The vulnerability is caused by insufficient validation of email sending parameters in SAP Business Objects Business Intelligence Platform. This allows authenticated users to send emails that appear to come from a legitimate source. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.
Defensive priority
medium
Recommended defensive actions
- Apply patches or updates provided by SAP to fix the vulnerability.
- Monitor email activity for suspicious behavior.
- Restrict access to email sending functionality to only necessary users.
Evidence notes
The CVE record for CVE-2026-44755 was obtained from the official CVE website. Additional information was obtained from the NVD detail page and SAP's security patch day page. For more information, see resourceLinkAnnotations: cve-org, nvd, ref-4, ref-5.
Official resources
CVE-2026-44755 was published on 2026-06-09T01:16:47.177Z and modified on 2026-06-09T02:08:28.150Z.