Description
SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued.
References
- Permissions Required
- Vendor Advisory
- Permissions Required
- Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:sap:hana_database:2.00:*:*:*:*:*:*:*
EPSS
Percentile: 37%
0.0016
Low
4.2 Medium
CVSS3
5.4 Medium
CVSS3
5.5 Medium
CVSS2
Weaknesses
CWE-287
Related vulnerabilities
github
about 3 years ago
SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued.