• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1756978 - SAML 2.0: possible XML signature wrapping attack

Главная Специалистам База уязвимостей Note 1756978 - SAML 2.0: possible XML signature wrapping attack

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1756978-2) SAP Support Packages (SAP_HANA_DATABASE_100_SP036_000036, SAP_HANA_DATABASE_100_SP999999_999999)
Описание
The SAML 2.0 Service Provider implementation contains a vulnerability in  the manner in which XML signatures are used to certify security assertions. This issue affects multiple vendors of SAML 2.0  implementations, and is not SAP specific. A malicious user can intercept  or issue one signed assertion, and use an XML signature wrapping attack  to gain higher privileges or impersonate another user. This means that  there is a risk of information disclosure, data tampering and system unavailability as a result of this vulnerability.
Как исправить
Update your SAP HANA to revision 36 or later.
Ссылки