CVE Vulnerability

CVE-2018-2474

SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095 Vendor Advisory
https://launchpad.support.sap.com/#/notes/2696889 Permissions Required
http://www.securityfocus.com/bid/105534 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:sap:fiori:1.0:*:*:*:*:erp_hcm:*:*
Information

Published : 2018-10-09 01:29

Updated : 2019-01-04 03:27

NVD link : CVE-2018-2474

Mitre link : CVE-2018-2474

Products Affected
No products.
CWE
CWE-352