mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
77 lines
2.2 KiB
JSON
77 lines
2.2 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "cna@sap.com",
|
|
"ID" : "CVE-2018-2474",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2)",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_affected" : "=",
|
|
"version_value" : "1.0"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "SAP"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "Cross-Site Request Forgery"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "https://launchpad.support.sap.com/#/notes/2696889",
|
|
"refsource" : "MISC",
|
|
"url" : "https://launchpad.support.sap.com/#/notes/2696889"
|
|
},
|
|
{
|
|
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095"
|
|
},
|
|
{
|
|
"name" : "105534",
|
|
"refsource" : "BID",
|
|
"url" : "http://www.securityfocus.com/bid/105534"
|
|
}
|
|
]
|
|
},
|
|
"source" : {
|
|
"discovery" : "UNKNOWN"
|
|
}
|
|
}
|