LDAP Authentication Bypass in SAP HANA Database
CVE-2021-21484

7.7HIGH

Key Information:

Vendor
SAP
Status
SAP Hana
Vendor
CVE Published:
9 March 2021

Summary

A security vulnerability exists in SAP HANA Database version 2.0 that allows LDAP authentication to be bypassed. This issue arises when an attached LDAP directory server is configured to permit unauthenticated binds, which could allow unauthorized users to access sensitive resources. This misconfiguration can lead to exposed data and potential exploitation by malicious actors. Proper configuration of LDAP settings is essential to guard against these types of vulnerabilities and to ensure the integrity of user authentication.

Affected Version(s)

SAP HANA < 2.0

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/3017378
x_refsource_MISC

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.