CVE-2021-21474 is a vulnerability in SAP Hana Database
Published on February 9, 2021

SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.

NVD

Products Associated with CVE-2021-21474

Want to know whenever a new CVE is published for SAP Hana Database? stack.watch will email you.

SAP Hana Database

Affected Versions

SAP SE SAP HANA Database:

Version < 1.0 is affected.
Version < 2.0 is affected.

Exploit Probability

EPSS

0.15%

Percentile

35.86%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-21474 is a vulnerability in SAP Hana DatabasePublished on February 9, 2021

Products Associated with CVE-2021-21474

Affected Versions

Exploit Probability

CVE-2021-21474 is a vulnerability in SAP Hana Database
Published on February 9, 2021