Skip links

SAML 2.0 possible XML signature wrapping attack, SAP security note 1756978

Description

Messages sent and received by the SAML 2.0 Service Provider can be manipulated by a malicious user to allow them to perform unauthorised actions on behalf of another user, thereby generally circumventing the integrity protection provided by the service.

Available fix and Supported packages

  • HDB | 1.00 | 1.00
  • SAP HANA DATABASE 1.00 | SP036 | 000036

Affected component

    HAN-DB
    SAP HANA Database

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1756978

TAGS

#SAML-2.0
#SAML2
#SAP-HANA
#XML-Signature-Wrapping
#XSW

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies