CVE-2018-2474 Information

Description

SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request version 2) application allows an attacker to trick an authenticated user into sending an unintended request to the web server. This vulnerability is due to insufficient CSRF protection.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Reference

http://www.securityfocus.com/bid/105534
https://launchpad.support.sap.com//notes/2696889
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

6.5

Base Severity

MEDIUM
