CVE-2018-2474
N/A
N/A
Summary
SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP | SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) | 1.0 | affected |
Weaknesses
- Cross-Site Request Forgery
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095
- http://www.securityfocus.com/bid/105534
- https://launchpad.support.sap.com/#/notes/2696889
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095
- http://www.securityfocus.com/bid/105534
- https://launchpad.support.sap.com/#/notes/2696889
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.