CVE-2026-40134

Description

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and availability of the application.

References

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3718508

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3