cpe:/a:sap:fiori:1.0::~~~erp_hcm~~ CVE-2018-2474 2018-10-09T09:29:02.133-04:00 2019-01-04T10:27:11.497-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2018-11-23T11:07:55.540-05:00 BID 105534 MISC https://launchpad.support.sap.com/#/notes/2696889 CONFIRM https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095 SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.