CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-21474

SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.1%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 5.5

References

https://launchpad.support.sap.com/#/notes/2992154
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543
https://launchpad.support.sap.com/#/notes/2992154
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543

Products affected by CVE-2021-21474

Sap » Hana Database » Version: 1.00

cpe:2.3:a:sap:hana_database:1.00
Sap » Hana Database » Version: 2.00

cpe:2.3:a:sap:hana_database:2.00

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-21474

Products

Pricing

Contact Us