SAP® and Oracle® Security Advisories
Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.
09/15/2025
Open Redirect in SAP HANA XSA UAA Server
Open Redirect in SAP HANA XSA UAA Server Impact on Business The open redirect vulnerability allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks. The phishers may then steal victim’s credentials or other important data that can be used in other exploitation chains. This has limited impact on the confidentiality, integrity and availability of the…
06/14/2018
SAP Information Disclosure
By exploiting this vulnerability, a remote unauthenticated attacker could get information about the system architecture. Please fill out the form to download the security advisory.
07/20/2016
SAP HANA Information Disclosure in EXPORT
By exploiting this SAP HANA vulnerability, an attacker could access business information indexed by the SAP system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
07/20/2016
SAP HANA User Information Disclosure
By exploiting this SAP HANA vulnerability, a remote unauthenticated attacker could obtain valid usernames that could be used to support more complex attacks. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…
07/20/2016
SAP HANA Arbitrary Audit Injection via HTTP Requests
By exploiting this SAP HANA vulnerability, an attacker could tamper the audit logs, hiding evidence of an attack to a HANA system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
07/20/2016
SAP HANA Get Topology Information Disclosure
By exploiting this SAP HANA vulnerability, a remote unauthenticated attacker could obtain technical information about the SAP HANA Platform that can be used to perform more complex attacks. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering,…
11/09/2015
SAP HANA TrexNet Remote Process Kill
By exploiting this vulnerability, an unauthenticated attacker could render the SAP HANA system completely unavailable due to system shutdown. Any business process or information hosted in the system will became automatically unavailable. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to…
11/09/2015
SAP HANA Remote Code Execution (HTTP based)
By exploiting this vulnerability, an unauthenticated attacker could completely compromise the system, and would be able to access and manage any business-relevant information or processes. This could be achieved remotely and potentially through the internet, affecting on-premise and cloud-based HANA solutions. Please fill in the following form in order to download the selected Onapsis’ resource….
11/09/2015
SAP HANA TrexNet Remote Python Execution
By exploiting this vulnerability, an unauthenticated attacker could completely compromise the system, and would be able to access and manage any business-relevant information or processes. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain…