CVE-2021-21474

Published: Feb 9, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.

Vendor	Product	Versions
SAP SE	SAP HANA Database	affected `< 1.0` affected `< 2.0`

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2992154

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-21474

Description

Affected Products

References