CVE-2018-2474

Name of the Vulnerable Software and Affected Versions SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2)

Description The issue is due to insufficient CSRF protection, allowing an attacker to trick an authenticated user into sending an unintended request to the web server.

Recommendations For SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2), consider implementing proper CSRF protection mechanisms to prevent unintended requests. As a temporary workaround, restrict access to sensitive functionalities within the application to minimize the risk of exploitation.