VYPR
Medium severity6.5NVD Advisory· Published Oct 9, 2018· Updated Jun 17, 2026

CVE-2018-2474

CVE-2018-2474

Description

SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.

Affected products

2
  • SAP/Fiorillm-fuzzy
    Range: 1.0
  • SAP/SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2)v5
    Range: 1.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.