VYPR

My Overtime Requests

by SAP

CVEs (2)

  • CVE-2025-25241MedFeb 11, 2025
    risk 0.35cvss 5.4epss 0.00

    Due to a missing authorization check, an attacker who is logged in to application can view/ delete �My Overtime Requests� which could allow the attacker to access employee information. This leads to low impact on confidentiality, integrity of the application. There is no…

  • CVE-2024-25643Feb 13, 2024
    risk 0.00cvss epss 0.00

    The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should…