How severe is CVE-2021-21474?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2021-21474?

This is classified as CWE-326, which is a common weakness in software security.

CVE-2021-21474

MEDIUM Year: 2021

CVSS v3 Score

6.5

Medium

CVSS v2 Score

5.5

Medium

Weakness Type

CWE-326

View all →

Vulnerability Description

SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.

CVE-2015-5361

MEDIUM

CVSS:6.5(Medium)

Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific...

CWE-3262015

CVE-2016-3019

MEDIUM

CVSS:6.5(Medium)

IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462.

CWE-3262016

CVE-2017-3971

MEDIUM

CVSS:6.5(Medium)

Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyph...

CWE-3262017

CVE-2017-9645

MEDIUM

CVSS:6.5(Medium)

An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 an...

CWE-3262017

CVE-2018-5461

MEDIUM

CVSS:6.5(Medium)

An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vuln...

CWE-3262018

CVE-2019-10638

MEDIUM

CVSS:6.5(Medium)

In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to mul...

CWE-3262019

CVE-2021-21474

Vulnerability Description

Related Vulnerabilities

CVE-2015-5361

CVE-2016-3019

CVE-2017-3971

CVE-2017-9645

CVE-2018-5461

CVE-2019-10638