Authorization Flaw in SAP Strategic Enterprise Management
CVE-2026-40132

5.4 MEDIUM

What is CVE-2026-40132?

An authorization check flaw exists in SAP Strategic Enterprise Management's Scorecard Wizard within Business Server Pages, allowing an authenticated attacker to gain unauthorized access to sensitive information. This security weakness not only permits viewing restricted data but also enables modifications to default settings and value fields, potentially misleading risk assessments by falsely lowering perceived risk levels. While there is no impact on application availability, the implications for data confidentiality and integrity can be significant. Users are advised to review the security patches and updates released by SAP to mitigate potential risks.

Affected Version(s)

SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard) SEM-BW 605

SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard) 700

SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard) 736

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
