CVE-2026-24327
Last modified
CVE-2026-24327 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. This leads to low impact on confidentiality and no effect on integrity or availability.. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. This leads to low impact on confidentiality and no effect on integrity or availability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sap | Strategic Enterprise Management | 600 |
| Sap | Strategic Enterprise Management | 602 |
| Sap | Strategic Enterprise Management | 603 |
| Sap | Strategic Enterprise Management | 604 |
| Sap | Strategic Enterprise Management | 605 |
| Sap | Strategic Enterprise Management | 634 |
| Sap | Strategic Enterprise Management | 700 |
| Sap | Strategic Enterprise Management | 736 |
| Sap | Strategic Enterprise Management | 746 |
| Sap | Strategic Enterprise Management | 747 |
| Sap | Strategic Enterprise Management | 748 |
| Sap | Strategic Enterprise Management | 800 |
References
- https://me.sap.com/notes/3680390Permissions Required
- https://url.sap/sapsecuritypatchdayVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-24327?
How severe is CVE-2026-24327?
How do I fix CVE-2026-24327?
Are you affected by CVE-2026-24327?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST