CVE-2024-25643
- EPSS 0.15%
- Veröffentlicht 13.02.2024 04:15:08
- Zuletzt bearbeitet 21.11.2024 09:01:08
The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access inf...
CVE-2023-24528
- EPSS 0.24%
- Veröffentlicht 14.02.2023 04:15:12
- Zuletzt bearbeitet 21.11.2024 07:48:03
SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network a...
CVE-2020-6266
- EPSS 0.17%
- Veröffentlicht 10.06.2020 13:15:18
- Zuletzt bearbeitet 21.11.2024 05:35:24
SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection.
CVE-2018-2474
- EPSS 0.15%
- Veröffentlicht 09.10.2018 13:29:02
- Zuletzt bearbeitet 21.11.2024 04:03:52
SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.