PT-2026-39925 · Sap · Sap Strategic Enterprise Management
Published
2026-05-12
·
Updated
2026-05-12
·
CVE-2026-40132
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SAP Strategic Enterprise Management (affected versions not specified)
Description
A missing authorization check in the Scorecard Wizard in Business Server Pages allows an authenticated attacker to access unauthorized information. This flaw also enables the modification of default settings and value fields, which can mislead risk evaluations and falsely lower assessed risk levels, impacting data confidentiality and integrity.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Strategic Enterprise Management