Open Redirect vulnerability in SAP BusinessObjects Business Intelligence Platform
Platform
sap
Component
sap-businessobjects-business-intelligence-platform
Fixed in
430.0.1
2025.0.1
2027.0.1
CVE-2026-0508 is a critical consensus divergence vulnerability in Zebra, the Rust implementation of a Zcash node. An attacker can craft transactions that Zebra accepts as valid but that the reference zcashd implementation rejects, splitting the chain's consensus. Zebra versions prior to 4.4.1 are affected; the issue is fixed in 4.4.1.
Impact and Attack Scenarios
The primary impact of CVE-2026-0508 is consensus divergence within the Zebra network. An attacker can craft a V5 transaction with a transparent input signed using SIGHASH_SINGLE where no output exists at the same index; Zebra incorrectly validates such a transaction. A block containing it is accepted by Zebra nodes but rejected by zcashd nodes, effectively splitting the chain. The blast radius covers every node running a vulnerable Zebra version; a chain split undermines network integrity and opens the door to double spends across the two forks and similar abuse. The flaw is of the same family as consensus-breaking bugs that have historically hit other blockchain implementations, and it underlines the need for rigorous differential testing against the reference implementation and strict adherence to the consensus rules.
Exploitation Context
The vulnerability was published on 2026-05-08. Severity is rated CRITICAL (CVSS 9.5). No public exploits or active campaigns have been reported at this time. It is not listed on the CISA KEV catalog, and its EPSS score is 0.01% (2nd percentile), indicating a low current probability of exploitation. Refer to the official Zebra project advisories for further details and updates.
Threat Intelligence
Exploit Status
EPSS
0.01% (2nd percentile)
CISA SSVC
CVSS Vector
What do these metrics mean?
- Attack Vector
- Network: exploitable remotely over the internet; no physical or local access required.
- Attack Complexity
- High: requires a race condition, a non-default configuration, or other specific circumstances.
- Privileges Required
- High: an administrator or otherwise privileged account is required.
- User Interaction
- Required: the victim must open a file, click a link, or visit a page.
- Scope
- Changed: the attack can pivot beyond the vulnerable component.
- Confidentiality
- High: total loss of confidentiality; the attacker can read all data.
- Integrity
- High: the attacker can write, modify, or delete any data.
- Availability
- None: no impact on availability.
Affected Software
Weakness Classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2026-0508 is to upgrade Zebra to version 4.4.1 or later, which contains the fix for the consensus divergence. If an immediate upgrade is not feasible, a temporary workaround is to stop accepting V5 transparent transactions, at the cost of reduced functionality. Monitor Zebra nodes for signs of divergence, such as block heights or transaction validation results that disagree with zcashd peers. No WAF or proxy rules apply, since the defect is in Zebra's own consensus validation rather than in any network-facing interface. After upgrading, verify the fix by constructing a transaction with the vulnerable characteristics (a V5 transparent input signed with SIGHASH_SINGLE and no output at the same index) and confirming that the node now rejects it.
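The following is an added example, not Zebra's or zcashd's code. It models the rule the advisory describes as a stand-alone check: a V5 transparent input signed with SIGHASH_SINGLE must have an output at the same index, otherwise the transaction is rejected. The struct shapes, field names and the constructed transaction are assumptions made for illustration; the hash-type constants are the standard values shared with Bitcoin-style signing.

```rust
// Added illustration, not Zebra's or zcashd's code. Models the consensus rule
// from the advisory: SIGHASH_SINGLE inputs need a corresponding output.
// Struct shapes and field names below are assumptions for this example.

/// Base signature hash types occupy the low five bits of the hash_type byte.
pub const SIGHASH_ALL: u8 = 0x01;
pub const SIGHASH_NONE: u8 = 0x02;
pub const SIGHASH_SINGLE: u8 = 0x03;
/// Flag bit that may be OR-ed onto any base type; irrelevant to this rule.
pub const SIGHASH_ANYONECANPAY: u8 = 0x80;
const BASE_TYPE_MASK: u8 = 0x1f;

/// Minimal transparent input (assumed shape): only the hash type carried by
/// its signature matters for this check.
#[derive(Debug, Clone)]
pub struct TransparentInput {
    pub hash_type: u8,
}

/// Minimal transparent output (assumed shape).
#[derive(Debug, Clone)]
pub struct TransparentOutput {
    pub value_zat: u64,
}

/// Minimal V5 transaction (assumed shape): transparent inputs and outputs only.
#[derive(Debug, Clone)]
pub struct V5Transaction {
    pub inputs: Vec<TransparentInput>,
    pub outputs: Vec<TransparentOutput>,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum ValidationError {
    /// Input `input_index` is signed with SIGHASH_SINGLE but the transaction
    /// has only `output_count` outputs, so no output corresponds to it.
    SighashSingleWithoutOutput { input_index: usize, output_count: usize },
}

/// Returns the indices of every input that uses SIGHASH_SINGLE (with or
/// without ANYONECANPAY) and has no output at the same index. Useful for
/// logging all offenders when auditing a block, not just the first one.
pub fn sighash_single_inputs_without_output(tx: &V5Transaction) -> Vec<usize> {
    tx.inputs
        .iter()
        .enumerate()
        .filter(|(index, input)| {
            input.hash_type & BASE_TYPE_MASK == SIGHASH_SINGLE && *index >= tx.outputs.len()
        })
        .map(|(index, _)| index)
        .collect()
}

/// Hardened validation: reject the transaction on the first SIGHASH_SINGLE
/// input that has no corresponding output. Inputs using SIGHASH_ALL or
/// SIGHASH_NONE are unaffected by this rule and pass through.
pub fn check_sighash_single_outputs(tx: &V5Transaction) -> Result<(), ValidationError> {
    match sighash_single_inputs_without_output(tx).first() {
        Some(&input_index) => Err(ValidationError::SighashSingleWithoutOutput {
            input_index,
            output_count: tx.outputs.len(),
        }),
        None => Ok(()),
    }
}

/// Constructed test case matching the advisory's description: two inputs,
/// the second signed with SIGHASH_SINGLE, but only one output, so input 1
/// has no corresponding output.
pub fn constructed_divergent_tx() -> V5Transaction {
    V5Transaction {
        inputs: vec![
            TransparentInput { hash_type: SIGHASH_ALL },
            TransparentInput { hash_type: SIGHASH_SINGLE },
        ],
        outputs: vec![TransparentOutput { value_zat: 50_000 }],
    }
}

fn main() {
    let tx = constructed_divergent_tx();
    println!("offending inputs: {:?}", sighash_single_inputs_without_output(&tx));
    println!("validation: {:?}", check_sighash_single_outputs(&tx));
}
```

A post-upgrade verification can feed a transaction built like `constructed_divergent_tx` to the node and confirm it is rejected; a node that still accepts it is behaving like the pre-4.4.1 code path the advisory describes. Note that the check masks off the ANYONECANPAY bit before comparing, so `SIGHASH_SINGLE | SIGHASH_ANYONECANPAY` is subject to the same rule.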
How to fix
Update SAP BusinessObjects Business Intelligence Platform to the latest version provided by SAP. See SAP Note 3674246 for details and specific instructions.
Frequently asked questions
What is CVE-2026-0508 — Open Redirect in SAP BusinessObjects Business Intelligence Platform?
It is a critical vulnerability in the Zebra Zcash node that lets attackers create transactions Zebra accepts but zcashd rejects, potentially causing consensus divergence.
Am I affected by CVE-2026-0508 in SAP BusinessObjects Business Intelligence Platform?
If you are running a Zebra version prior to 4.4.1, you are potentially affected.
How do I fix CVE-2026-0508 in SAP BusinessObjects Business Intelligence Platform?
Upgrade Zebra to version 4.4.1 or later to resolve the consensus divergence issue.
Is CVE-2026-0508 being actively exploited?
No public exploits or active campaigns have been reported at this time.
Where can I find the official SAP BusinessObjects Business Intelligence Platform advisory for CVE-2026-0508?
Refer to the official Zebra project advisories and the NVD entry for CVE-2026-0508 for detailed information.