PT-2020-16517 · SAP · SAP HANA Database

Published: 2020-12-09 · Updated: 2020-12-11 · CVE-2020-26834

CVSS v2.0: 5.5 (Medium), Vector AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: SAP HANA Database version 2.0

Description: The issue arises from incorrect validation of the username during SAML bearer token-based user authentication. It allows manipulation of a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username of the user for whom the token was issued.

Recommendations: For SAP HANA Database version 2.0, as a temporary workaround, consider restricting the use of SAML bearer token-based user authentication until a patch is available. Additionally, ensure that all usernames are unique and cannot be truncated to match another existing user, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
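The username-uniqueness check the workaround above asks for, as an added example that is not part of this advisory or of SAP's code. It assumes truncation is a plain prefix cut; since the cut length is not published here, it reports every name that is a proper prefix of another name, and separately the names that coincide at a length you supply.

```python
"""Audit a HANA user list for names that collide after truncation.

Added example, not SAP's code. Assumes truncation is a prefix cut; the
exact length is not published, so check both "any prefix" and a given length.
"""
from collections import defaultdict


def prefix_collisions(usernames, case_insensitive=True):
    """Return (short, long) pairs where `short` is a proper prefix of `long`.

    Each pair collides at truncation length len(short): a token issued for
    `long` would then name the `short` account.
    """
    norm = (lambda s: s.casefold()) if case_insensitive else (lambda s: s)
    names = sorted(set(usernames), key=lambda s: (len(s), s))
    pairs = []
    for i, short in enumerate(names):
        for long_name in names[i + 1:]:
            if len(long_name) > len(short) and norm(long_name).startswith(norm(short)):
                pairs.append((short, long_name))
    return pairs


def collisions_at_length(usernames, max_len, case_insensitive=True):
    """Group names that become identical once cut to `max_len` characters.

    Only groups with at least one name longer than `max_len` are reported;
    those are the names the truncation actually alters.
    """
    norm = (lambda s: s.casefold()) if case_insensitive else (lambda s: s)
    buckets = defaultdict(list)
    for name in set(usernames):
        buckets[norm(name)[:max_len]].append(name)
    return {
        key: sorted(group)
        for key, group in buckets.items()
        if len(group) > 1 and any(len(n) > max_len for n in group)
    }


# Constructed sample user list (not real HANA accounts).
SAMPLE_USERS = ["ALICE", "ALICE_ADMIN", "BOB", "bob", "CAROL_READONLY", "CAROL_REPORTS", "DAVE"]

if __name__ == "__main__":
    for short, long_name in prefix_collisions(SAMPLE_USERS):
        print(f"prefix collision: {short!r} is a prefix of {long_name!r}")
    for key, group in collisions_at_length(SAMPLE_USERS, 8).items():
        print(f"identical at 8 chars ({key!r}): {group}")
```

Case-insensitive comparison is the default because it is the stricter audit; pass `case_insensitive=False` if your user store distinguishes case.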

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2020-26834

Affected Products

SAP HANA Database