CVE-2018-2474

SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
sapfiori
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105534
https://launchpad.support.sap.com/#/notes/2696889
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095
http://www.securityfocus.com/bid/105534
https://launchpad.support.sap.com/#/notes/2696889
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095