CVE-2018-2474

Severity
6.5 MEDIUM
EPSS
0.1%
top 64.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 9
Latest update: May 14

Description

SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user into sending an unintended request to the web server. This vulnerability is due to insufficient CSRF protection.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 | Impact: 3.6

Affected Packages (1 package)

NVD: sap/fiori 1.0

Vulnerability Details (2)

GHSA
GHSA-6mvm-9rrh-j4gc: SAP Fiori 1 (2022-05-14)
CVEList
CVE-2018-2474: SAP Fiori 1 (2018-10-09)