Insufficient CSRF Protection in SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) Application

Insufficient CSRF Protection in SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) Application

CVE-2018-2474 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.

Learn more about our Web App Pen Testing.