A third party vulnerability scan shows that CABI services are vulnerable to "Microsoft Windows Unquoted Service Path Enumeration" and this is found to be because of service paths not quoted.
Unquoted service paths on BusinessObjects server are:
SVNSubversion : SAP BusinessObjects Enterprise XI 4.0\\subversion\svnserve.exe
BOEXI40BWPublisherService : SAP BusinessObjects Enterprise XI 4.0\win32_x86\bwcepubsvc.exe
Applies to both CABI 4.1 SP3 and CABI 4.1 SP5 used with CA Service Management 14.1
Follow the same process for any other CABI service that has unquoted service path in the registry and is reported by a third party vulnerability scan.