SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.

Related CVEs

CVE-2018-2474

Key Information

GHSA ID

GHSA-6mvm-9rrh-j4gc

Published

May 14, 2022 1:43 AM

Last Modified

May 14, 2022 1:43 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.