Vulnerabilities > CVE-2021-21484 - Incorrect Authorization vulnerability in SAP Hana 2.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sap

CWE-863

critical

NVD

Published: 2021-03-09

Updated: 2021-03-16

Summary

LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Hana 2.0	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107
https://launchpad.support.sap.com/#/notes/3017378