SAP Strategic Enterprise Management Missing Authorization Vulnerability in Scorecard Wizard
Vulnerability
A vulnerability exists in SAP Strategic Enterprise Management's Scorecard Wizard, specifically within Business Server Pages, due to a lack of proper authorization checks. This flaw allows authenticated attackers to access unauthorized information. It also enables them to alter default settings and modify value fields, potentially skewing risk assessments by falsely reducing evaluated risk levels. The issue has a low impact on data confidentiality and integrity and does not affect the application's availability.
Impact
Exploitation of this vulnerability could lead to unauthorized access to information and the ability to manipulate data fields and settings, thereby misrepresenting risk evaluations.
Remediation
Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform.
