LDAP Authentication Bypass in SAP HANA Database
CVE-2021-21484

7.7HIGH

Key Information:

Vendor: SAP
Status: SAP Hana
Vendor: CVE Published:; 9 March 2021

What is CVE-2021-21484?

A security vulnerability exists in SAP HANA Database version 2.0 that allows LDAP authentication to be bypassed. This issue arises when an attached LDAP directory server is configured to permit unauthenticated binds, which could allow unauthorized users to access sensitive resources. This misconfiguration can lead to exposed data and potential exploitation by malicious actors. Proper configuration of LDAP settings is essential to guard against these types of vulnerabilities and to ensure the integrity of user authentication.

Affected Version(s)

SAP HANA < 2.0

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3017378

x_refsource_MISC

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 9, 2021
Vulnerability Reserved
Dec 30, 2020