SAML Token Manipulation Vulnerability in SAP HANA Database
CVE-2021-21474
6.5MEDIUM
What is CVE-2021-21474?
The SAP HANA Database is vulnerable due to its acceptance of SAML tokens signed with MD5 digest. An attacker who secures an MD5-signed SAML Assertion can modify it without invalidating the digital signature. This manipulation could allow the attacker to impersonate a legitimate user within the SAP HANA environment, granting unauthorized access to confidential database content.
Affected Version(s)
SAP HANA Database < 1.0 < 1.0
SAP HANA Database < 2.0 < 2.0