Missing Authorization Check in SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard)

CVE	CVE-2026-40132
State	PUBLISHED
Assigner	sap
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-05-12 03:16:12 UTC
Updated	2026-05-12 03:16:12 UTC
Description	Due to missing authorization check in SAP Strategic Enterprise Management (Scorecard Wizard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and modify value fields, which will mislead risk evaluations and falsely lower assessed risk levels. This results in a low impact on the confidentiality and integrity of the data. There is no impact on the application�s availability.

Primary CVSS: v3.1 5.4 MEDIUM from [email protected]

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Problem Types: CWE-862 | CWE-862 CWE-862: Missing Authorization

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Primary	5.4	MEDIUM	`CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N`
3.1	CNA	CVSS	5.4	MEDIUM	`CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N`

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Source	Vendor	Product	Version	Platforms
CNA	SAP SE	SAP Strategic Enterprise Management BSP Application Balanced Scorecard Wizard	affected SEM-BW 605	Not specified
CNA	SAP SE	SAP Strategic Enterprise Management BSP Application Balanced Scorecard Wizard	affected 700	Not specified
CNA	SAP SE	SAP Strategic Enterprise Management BSP Application Balanced Scorecard Wizard	affected 736	Not specified
CNA	SAP SE	SAP Strategic Enterprise Management BSP Application Balanced Scorecard Wizard	affected 746	Not specified
CNA	SAP SE	SAP Strategic Enterprise Management BSP Application Balanced Scorecard Wizard	affected 747	Not specified
CNA	SAP SE	SAP Strategic Enterprise Management BSP Application Balanced Scorecard Wizard	affected 748	Not specified
CNA	SAP SE	SAP Strategic Enterprise Management BSP Application Balanced Scorecard Wizard	affected 749	Not specified
CNA	SAP SE	SAP Strategic Enterprise Management BSP Application Balanced Scorecard Wizard	affected 800	Not specified

Reference	Source	Link	Tags
me.sap.com/notes/3721959	[email protected]	me.sap.com
url.sap/sapsecuritypatchday	[email protected]	url.sap
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.