CVE-2020-26834

Summary

SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP HANA Database< 2.0affected

Weaknesses

  • Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References