Each month, SAP issues Security Patch Day Bulletins on the second Tuesday of every month- which has been synchronized with the Security Patch Day of other major software vendors. Last month’s bulletin was issued on February 10, 2026 and contains 26 new security notes, four (4) of which apply to the SAP BusinessObjects Platform. Three of the vulnerabilities have a high severity and one of the vulnerabilities has a medium severity.
Both SAP BI 4.3 and BI 2025 are affected. Customers still using BI 4.2 could be in a more compromising position, as BI 4.2 has been out of Mainstream Maintenance (patch support) since 12/31/2022. Even Priority One Support ended over a year ago on 12/31/2024. Over the course of its lifetime, BI 4.2 was flagged with 38 common vulnerabilities and exposures (CVE). Regardless of which patch level of BI 4.2 your organization is using, it’s likely to be affected by at least one of these.
You can find more information about these four CVE notes on the Speak BO website (free registration) as well as which patch levels are needed. It’s worth reviewing the data with your organization’s IT security team to determine if your SAP BusinessObjects environments should be patched to address the vulnerabilities.
There is no ROI on a security breach.
