medium2026-06-09SAP BusinessObjectsCVE-2026-44755

Email Spoofing in SAP BusinessObjects BI Platform

SAP BusinessObjects BI Platform

Our Take

BusinessObjects has appeared in the last several months of patch cycles. If your BO environment sends automated reports and alerts, email spoofing is a real phishing vector. BO users are often finance and executive stakeholders — high-value targets. Next planned window.

Vulnerability Detail

An email spoofing vulnerability in the SAP BusinessObjects BI Platform allows an attacker to send email notifications that appear to originate from the BI platform but contain attacker-controlled content, potentially used for phishing or social engineering attacks against BI users.

Patch Action

Apply SAP Note 3687096.

Affected Versions

ENTERPRISE 430

2025

2027

Patch Info

CVSS Score

4.3

SAP Note

3687096 ↗

CVE

CVE-2026-44755

Published

2026-06-09

All content is editorial summary, not professional security advice. CVSS scores and SAP Note IDs are factual references. Patch timing is the responsibility of your security team based on your environment and SAP's official guidance.

← All patches