CVE-2026-40132
Missing Authorization Check in SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard)
CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
1th
Due to missing authorization check in SAP Strategic Enterprise Management (Scorecard Wizard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and modify value fields, which will mislead risk evaluations and falsely lower assessed risk levels. This results in a low impact on the confidentiality and integrity of the data. There is no impact on the application�s availability.
| Vendor | sap_se |
| Product | sap strategic enterprise management (bsp application balanced scorecard wizard) |
| Published | May 12, 2026 |
| Last Updated | May 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for sap_se sap strategic enterprise management (bsp application balanced scorecard wizard)
Be the first to know when new medium vulnerabilities affecting sap_se sap strategic enterprise management (bsp application balanced scorecard wizard) are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
SAP_SE / SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard)
SEM-BW 605 700 736 746 747 748 749 800