CVE-2026-40134 – Missing Authorization Check in SAP Incentive and Commission Management

CVE ID :CVE-2026-40134

Published : May 12, 2026, 3:16 a.m. | 1 hour, 41 minutes ago

Description :Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and availability of the application.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…