DATE        CVE             VULNERABILITY TITLE                                               RISK
2024-02-13  CVE-2024-25643  Missing Authorization vulnerability in SAP Fiori 605              4.3
    The SAP Fiori app (My Overtime Request), version 605, does not perform the necessary authorization checks for an authenticated user, which may result in an escalation of privileges.
    network, low complexity, sap, CWE-862
2023-02-14  CVE-2023-24528  Missing Authorization vulnerability in SAP Fiori 600              6.5
    SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests), version 600, allow an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data.
    network, low complexity, sap, CWE-862
2020-06-10  CVE-2020-6266   Open Redirect vulnerability in SAP Fiori                          5.4
    SAP Fiori for SAP S/4HANA, versions 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection.
    network, low complexity, sap, CWE-601
2018-10-09  CVE-2018-2474   Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori 1.0  6.5
    The SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user into sending an unintended request to the web server.
    network, low complexity, sap, CWE-352