Medium severity6.5NVD Advisory· Published Oct 9, 2018· Updated Jun 17, 2026
CVE-2018-2474
CVE-2018-2474
Description
SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.
Affected products
2- SAP/SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2)v5Range: 1.0
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/105534nvdThird Party AdvisoryVDB Entry
- wiki.scn.sap.com/wiki/pages/viewpage.actionnvdVendor Advisory
- launchpad.support.sap.comnvdPermissions Required
News mentions
0No linked articles in our index yet.