Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1756978-2)
SAP Support Packages
(SAP_HANA_DATABASE_100_SP036_000036, SAP_HANA_DATABASE_100_SP999999_999999)
Описание
The SAML 2.0 Service Provider implementation contains a vulnerability in the manner in which XML signatures are used to certify security assertions. This issue affects multiple vendors of SAML 2.0 implementations, and is not SAP specific. A malicious user can intercept or issue one signed assertion, and use an XML signature wrapping attack to gain higher privileges or impersonate another user. This means that there is a risk of information disclosure, data tampering and system unavailability as a result of this vulnerability.
Как исправить
Update your SAP HANA to revision 36 or later.
Ссылки