PT-2026-39925 · Sap · Sap Strategic Enterprise Management

Published

2026-05-12

·

Updated

2026-05-12

·

CVE-2026-40132

CVSS v3.1

5.4

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions SAP Strategic Enterprise Management (affected versions not specified)
Description A missing authorization check in the Scorecard Wizard in Business Server Pages allows an authenticated attacker to access unauthorized information. This flaw also enables the modification of default settings and value fields, which can mislead risk evaluations and falsely lower assessed risk levels, impacting data confidentiality and integrity.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-40132

Affected Products

Sap Strategic Enterprise Management