CVE-2026-24327 | THREATINT

Description

Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. This leads to low impact on confidentiality and no effect on integrity or availability.

PUBLISHED Reserved 2026-01-21 | Published 2026-02-10 | Updated 2026-02-10 | Assigner sap

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status

unaffected

SEM-BW 600

affected

602

affected

603

affected

604

affected

605

affected

634

affected

700

affected

736

affected

746

affected

747

affected

748

affected

800

affected

References

me.sap.com/notes/3680390

url.sap/sapsecuritypatchday

cve.org (CVE-2026-24327)

nvd.nist.gov (CVE-2026-24327)

Download JSON