VYPR

Fiori

by SAP

CVEs (2)

  • CVE-2018-2474MedOct 9, 2018
    risk 0.42cvss 6.5epss 0.01

    SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.

  • CVE-2025-26660MedMar 11, 2025
    risk 0.28cvss 4.3epss 0.00

    SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application,…