CVE-2018-2474: CSRF
First published: Tue Oct 09 2018(Updated: )
SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Fiori | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-2474?
CVE-2018-2474 has been rated as a medium severity vulnerability due to its potential for CSRF attacks.
How do I fix CVE-2018-2474?
To mitigate CVE-2018-2474, implement proper CSRF protection mechanisms in your SAP Fiori application.
Who is affected by CVE-2018-2474?
CVE-2018-2474 affects users of SAP Fiori 1.0 for SAP ERP HCM specifically in the Approve Leave Request application.
What are the implications of CVE-2018-2474?
If exploited, CVE-2018-2474 can allow attackers to perform actions on behalf of the authenticated user without their consent.
When was CVE-2018-2474 disclosed?
CVE-2018-2474 was disclosed in 2018, highlighting the need for improved security in SAP applications.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- agent/source
- vendor/sap
- canonical/sap fiori
- version/sap fiori/1.0