CVE-2020-26834
First published: Wed Dec 09 2020(Updated: )
SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP HANA Database | =2.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SAP HANA Database vulnerability?
The vulnerability ID for this SAP HANA Database vulnerability is CVE-2020-26834.
What is the severity of CVE-2020-26834?
The severity of CVE-2020-26834 is medium with a CVSS score of 5.4.
What is the affected software for CVE-2020-26834?
The affected software for CVE-2020-26834 is SAP HANA Database version 2.0.
What is the impact of CVE-2020-26834?
CVE-2020-26834 allows an attacker to authenticate as a user by manipulating a valid existing SAML bearer token.
Is there a fix available for CVE-2020-26834?
Yes, SAP has released a note with the fix for CVE-2020-26834. Please refer to the SAP note for more details.
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/type
- agent/event
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- agent/last-modified-date
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap hana database
- version/sap hana database/2.00