SAP BI Platform LogonToken IP Address Modification Vulnerability

Vulnerability

A vulnerability in SAP BI Platform allows an attacker to alter the IP address of the LogonToken used for OpenDoc. When the modified link is accessed in a browser, it can send a ping request to a different server. This vulnerability has a low impact on integrity, with no effect on confidentiality or availability.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of IP address information in LogonTokens, potentially allowing for misdirection of network requests.

Remediation

Users are advised to review and implement the SAP Security Note related to this vulnerability, available through the SAP Security Patch Day Bulletin. Instructions for accessing SAP Security Notes can be found on the SAP Security Notes FAQs page.

Added: Sep 23, 2025, 2:19 AM
Updated: Sep 23, 2025, 2:19 AM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 0.6
exploitability: 5.0
remediation: 0.0
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.