CVE-2020-26834
published 2020-12-09CVE-2020-26834: SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to…
medium5.4CVSS 3.1
AVNACLPRLUINSUCLILAN
SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | hana_database | — | — |
| sap_se | sap_hana_database | < 2.0 | 2.0 |