cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-23191,https://securityvulnerability.io/vulnerability/CVE-2025-23191,Host Header Manipulation Vulnerability in SAP Fiori for SAP ERP,"A vulnerability exists within the SAP OData endpoint in SAP Fiori for SAP ERP where cached values can be compromised through Host header modification in HTTP GET requests. This manipulation allows attackers to redirect `atom:link` values in the metadata, potentially leading to redirects to malicious URLs. If exploited, this could impact the integrity of the application by misleading users and misdirecting data flows.",SAP,SAP Fiori For SAP Erp,3.1,LOW,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-11T00:35:15.392Z,0
CVE-2023-24528,https://securityvulnerability.io/vulnerability/CVE-2023-24528,Data Exposure Vulnerability in SAP Fiori Apps for Travel Management,"The SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) version 600 contains a vulnerability that allows an authenticated attacker to exploit a misconfigured application endpoint. This endpoint, which is generally accessible over the network, may lead to unauthorized access to sensitive data, including travel documents. Proper configuration and security practices are essential to mitigate the risk associated with this vulnerability.",SAP,Fiori apps 1.0 for travel management in SAP ERP (My Travel Requests),6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-02-14T04:15:00.000Z,0
CVE-2021-27605,https://securityvulnerability.io/vulnerability/CVE-2021-27605,Authorization Vulnerability in SAP's HCM Travel Management Fiori Apps,"A vulnerability in SAP's HCM Travel Management Fiori Apps V2, version 608, allows an authenticated but unauthorized individual to access sensitive personnel information, such as employee names. This results from inadequate authorization checks within the application. While the affected party can view limited details, it poses a risk to user privacy by exposing sensitive employee data. The application's integrity and availability remain unaffected, but the potential for privilege escalation highlights the need for prompt remediation.",SAP,SAP Fiori Apps 2.0 For Travel Management In SAP Erp,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-04-13T18:44:13.000Z,0
CVE-2018-2474,https://securityvulnerability.io/vulnerability/CVE-2018-2474,,"SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.",SAP,"SAP Fiori 1.0 For SAP Erp Hcm (approve Leave Request, Version 2)",6.5,MEDIUM,0.0015699999639764428,false,,false,false,false,,,false,false,,2018-10-09T13:00:00.000Z,0