medium2026-05-12SAP SEM-BWCVE-2026-40132

Missing Authorization Check in SAP Strategic Enterprise Management

SAP Strategic Enterprise Management (Balanced Scorecard Wizard BSP)

Our Take

Narrow product — SEM-BW with Balanced Scorecard is not in most modern landscapes. If you run it, planned window.

Vulnerability Detail

Missing authorisation check in the Balanced Scorecard Wizard allows an authenticated attacker to access unauthorised information and modify settings, potentially misleading downstream risk evaluations or performance reports.

Patch Action

Apply SAP Note 3721959.

Affected Versions

SEM-BW 605

700

720

730

740

800

Patch Info

CVSS Score

5.4

SAP Note

3721959 ↗

CVE

CVE-2026-40132

Published

2026-05-12

All content is editorial summary, not professional security advice. CVSS scores and SAP Note IDs are factual references. Patch timing is the responsibility of your security team based on your environment and SAP's official guidance.

← All patches