SAP Business Objects Business Intelligence Platform Email Spoofing Vulnerability

An email spoofing vulnerability exists in SAP Business Objects Business Intelligence Platform due to inadequate validation of email sending parameters from authenticated users. This issue allows for the manipulation of email headers, potentially leading to unauthorized email representation. While the vulnerability has a low impact on integrity, it does not compromise the application's confidentiality or availability.

Impact

Exploitation of this vulnerability allows for email spoofing, where an attacker can send emails that appear to come from a trusted source, potentially leading to phishing or other social engineering attacks.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, where users can find the complete list of all security notes and prioritize their implementation.