SAML 2.0 possible XML signature wrapping attack, SAP security note 1756978

Description

Messages sent and received by the SAML 2.0 Service Provider can be manipulated by a malicious user to allow them to perform unauthorised actions on behalf of another user, thereby generally circumventing the integrity protection provided by the service.

Available fix and Supported packages

HDB | 1.00 | 1.00
SAP HANA DATABASE 1.00 | SP036 | 000036

Affected component

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/1756978

Arpine Maghakyan

SAML 2.0 possible XML signature wrapping attack, SAP security note 1756978

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#SAML-2.0
#SAML2
#SAP-HANA
#XML-Signature-Wrapping
#XSW

More to explorer

Press release: RedRays discovered major cybersecurity leak affects 4800 domains

Urgent Security Notice: RedRays Discloses Major Data Breach Affecting SAP Customers

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

Arpine Maghakyan

SAML 2.0 possible XML signature wrapping attack, SAP security note 1756978

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#SAML-2.0#SAML2#SAP-HANA#XML-Signature-Wrapping#XSW

More to explorer

Press release: RedRays discovered major cybersecurity leak affects 4800 domains

Urgent Security Notice: RedRays Discloses Major Data Breach Affecting SAP Customers

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

#SAML-2.0
#SAML2
#SAP-HANA
#XML-Signature-Wrapping
#XSW