CVE-2021-21474

SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.

CVSS v3 6.5 MEDIUM
CVSS v2.0 5.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://launchpad.support.sap.com/#/notes/2992154	Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:hana_database:1.00:::::::*
	cpe:2.3:a:sap:hana_database:2.00:::::::*

History

12 Jul 2022, 17:42

Type	Values Removed	Values Added
CWE	~~CWE-347~~	CWE-326

Information

Published : 2021-02-09 21:15

Updated : 2024-02-04 21:23

NVD link : CVE-2021-21474

Mitre link : CVE-2021-21474

CVE.ORG link : CVE-2021-21474

JSON object : View

Products Affected

sap

hana_database

CWE

CWE-326

Inadequate Encryption Strength

{"id": "CVE-2021-21474", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.2}]}, "published": "2021-02-09T21:15:13.393", "references": [{"url": "https://launchpad.support.sap.com/#/notes/2992154", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database."}, {"lang": "es", "value": "SAP HANA Database, versiones - 1.0, 2.0, acepta tokens SAML con un digest MD5, un atacante que logra obtener una afirmaci\u00f3n SAML firmada por un digest MD5 emitida para una instancia de SAP HANA podr\u00eda manipularla y alterarla de una manera que el digest sigue siendo el mismo y sin invalidar la firma digital, esto les permite hacerse pasar por usuario en la base de datos HANA y poder leer los contenidos en la base de datos"}], "lastModified": "2022-07-12T17:42:04.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:hana_database:1.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "528C05CB-315F-465C-8C25-EF85AA7D19B9"}, {"criteria": "cpe:2.3:a:sap:hana_database:2.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C6CA542-7071-48B6-B135-3AE9B4BB1DC5"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}