CVE-2021-21474

N/A

SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.

N/A

N/A

SAP HANA Database 加密问题漏洞

SAP HANA是德国思爱普（SAP）公司的一套高性能的实时数据分析平台。该平台提供数据查询功能，支持用户对查询实时业务数据进行查询和分析。 SAP HANA Database 中存在加密问题漏洞，该漏洞允许从SAP HANA实例获取MD5 digest签名的攻击者可能会对其进行篡改和更改，从而使digest保持不变，并且不会使数字签名失效，这允许他们在HANA数据库中模拟为用户，并能够读取数据库中的内容。以下产品及型号受到影响：SAP HANA Database 1.0, SAP HANA Databa

N/A

N/A