A note with CVSS 4.2 for component HAN-DB-SEC was released by SAP on 08.12.2020. The correction/advisory 2978768 was described with "[CVE-2020-26834 ] Improper authentication in SAP HANA database" and affects the system type HANA Platform.
A workaround exists, according to SAP Security Advisory team. It is advisable to implement the correction as part of maintenance.
The vulnerability addressed is missing authentication check within HANA Platform.
Risk specificationThe SAP HANA database does not correctly validate the user name when performing SAML bearer token-based user authentication, allowing to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated user name for whom the SAML bearer token was issued.
The SAP HANA database now properly performs the validation of the SAML token during the authentication. Although an alternative solution exists, it is advisable to apply the correction! This is the workaround, which was suggested by the SAP security experts: "Disable the SAML authentication only for the affected users.".
SAP HANA is a high-performance in-memory database and the basis for a so called "Real-Time Data Platform". SAP HANA allows online transaction processing (OLTP) and online analytical processing (OLAP) on one system. SAP HANA Extended Application Services (aka SAP HANA XS) is a key aspect of SAP HANA as a platform.
The advisory is valid for
- 10.0 [CVE-2020-26829] Missing Authentication Check in SAP NetWeaver AS JAVA (P2P Cluster Communication)
- 10.0 [CVE-2020-6207] Missing Authentication Check in SAP Solution Manager (User-Experience Monitoring)
- 9.8 [CVE-2020-6198] Missing Authentication check in SAP Solution Manager (Diagnostics Agent)
- 8.6 [CVE-2020-6235] Missing authentication check in SAP Solution Manager (Diagnostics Agent )
- 8.5 [CVE-2020-6294] Missing Authentication check in SAP BusinessObjects Business Intelligence Platform