Each month, SAP issues Security Patch Day Bulletins on the second Tuesday of every month- which has been synchronized with the Security Patch Day of other major software vendors. This month’s bulletin was issued on April 14, 2026, and contains 19 new security notes, three (3) of which apply to the SAP BusinessObjects Platform and have medium severity.
Both SAP BI 4.3 and BI 2025 are affected. Customers still using BI 4.2 could be in a more compromising position, as BI 4.2 has been out of Mainstream Maintenance (patch support) since 12/31/2022. Even Priority One Support ended over a year ago on 12/31/2024. Over the course of its lifetime, BI 4.2 was flagged with 38 common vulnerabilities and exposures (CVE). Regardless of which patch level of BI 4.2 your organization is using, it’s likely to be affected by at least one of these.
You can find more information about April’s CVE notes on the Speak BO website (free registration) as well as which patch levels are needed. It’s worth reviewing the data with your organization’s IT security team to determine if your SAP BusinessObjects environments should be patched to address the vulnerabilities.
There is no ROI on a security breach.
