Unrated severityNVD Advisory· Published Dec 9, 2020· Updated Aug 4, 2024
CVE-2020-26834
CVE-2020-26834
Description
SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued.
Affected products
2- Range: >= 2.0
- SAP SE/SAP HANA Databasev5Range: < 2.0
Patches
Vulnerability mechanics
References
2- launchpad.support.sap.commitrex_refsource_MISC
- wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.