CVE-2021-21474

SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.

Published: Feb 9, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-21474
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:P/I:P/A:N

CWEs:

CWE-326

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
sap / hana_database	2.00	2.00.x
sap / hana_database	1.00	1.00.x

https://launchpad.support.sap.com/#/notes/2992154
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543

Vulnerability Database

289,697

CVE-2021-21474