Missing Authorization Check in SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard)
CVE-2026-40132

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Strategic Enterprise Management (bsp Application Balanced Scorecard Wizard)
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-40132?

Due to missing authorization check in SAP Strategic Enterprise Management (Scorecard Wizard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and modify value fields, which will mislead risk evaluations and falsely lower assessed risk levels. This results in a low impact on the confidentiality and integrity of the data. There is no impact on the application�s availability.

Affected Version(s)

SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard) SEM-BW 605

SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard) 700

SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard) 736

References

https://me.sap.com/notes/3721959

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 9, 2026

CVE-2026-40132 Data

JSON