Skip links

SAML 2.0 possible XML signature wrapping attack, SAP security note 1756978

Description

Messages sent and received by the SAML 2.0 Service Provider can be manipulated by a malicious user to allow them to perform unauthorised actions on behalf of another user, thereby generally circumventing the integrity protection provided by the service.

Available fix and Supported packages

  • HDB | 1.00 | 1.00
  • SAP HANA DATABASE 1.00 | SP036 | 000036

Affected component

    HAN-DB
    SAP HANA Database

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1756978

TAGS

#SAML-2.0
#SAML2
#SAP-HANA
#XML-Signature-Wrapping
#XSW