How severe is CVE-2026-40132?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Auth bypass in Sap_se Sap Strategic Enterprise Management (Bsp Application Balanced Scorecard Wizard)

CVE-2026-40132

Due to missing authorization check in SAP Strategic Enterprise Management (Scorecard Wizard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also…

Vulnerability class: Broken Access Control

EPSS: 0.000 (1.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.

Affected products

Sap_se Sap Strategic Enterprise Management (Bsp Application Balanced Scorecard Wizard) — versions SEM-BW 605, 700, 736

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

Frequently asked questions

What is CVE-2026-40132?: CVE-2026-40132 is a medium-severity vulnerability in Sap_se Sap Strategic Enterprise Management (Bsp Application Balanced Scorecard Wizard), classified under Missing Authorization. CVSS score: 5.4/10. Published 2026-05-12.
How severe is CVE-2026-40132?: Medium severity. CVSS v3 base score is 5.4 out of 10.