exploitDog

CVE-2018-2474

Опубликовано: 09 окт. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.

Ссылки

http://www.securityfocus.com/bid/105534
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2696889
Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095
Vendor Advisory
http://www.securityfocus.com/bid/105534
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2696889
Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:fiori:1.0:*:*:*:*:erp_hcm:*:*

EPSS

Процентиль: 36%

0.0015

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-6mvm-9rrh-j4gc

CVSS3: 6.5

github

больше 3 лет назад

SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.

EPSS

Процентиль: 36%

0.0015

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352