CVE-2021-21474

Name of the Vulnerable Software and Affected Versions SAP HANA Database versions 1.0, 2.0

Description The issue allows an attacker to tamper with SAML tokens that use MD5 digest, potentially impersonating a user in the HANA database and accessing its contents. This is possible because an attacker who obtains an MD5-digest signed SAML Assertion might be able to alter it without invalidating the digital signature.

Recommendations For SAP HANA Database versions 1.0 and 2.0, consider disabling the acceptance of SAML tokens with MD5 digest until a patch is available. As a temporary workaround, restrict access to sensitive data in the database to minimize the risk of exploitation. Avoid using MD5-digest signed SAML Assertions in the affected SAP HANA instances until the issue is resolved.