CVE-2018-2474

Summary

SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.

Affected Software

VendorProductVersion RangeStatus
SAPSAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2)1.0affected

Weaknesses

  • Cross-Site Request Forgery

ADP Enrichment

CVE Program Container

Additional References

References