The Onapsis Blog

The world of business-critical application security and compliance is dynamic, with new developments happening on a continuous basis. Read our blog posts for recommendations, insights and observations on the latest news for safeguarding your SAP^® and Oracle^® applications.

Pablo Artuso

Security Researcher

Pablo Artuso is a Security Researcher at the Onapsis Research Labs. He is most of the time involved in projects of vulnerability research and penetration testing of SAP products, where he has helped to patch several bugs on its products. He is one of the responsible of delivering and keeping up to date SAP Security Training, and has also presented about SAP Security in other conferences around the world. In his spare time, he enjoys playing CTF's which include web exploitation, reverse engineering and crypto challenges.

Active Exploitation of the RECON Vulnerability

09/29/2020 | By

Nahuel Sanchez

Pablo Artuso

|

SAP Security

Active Exploitation of the RECON Vulnerability

Threat actors are targeting SAP applications through scanning, exploiting and compromising systems vulnerable to RECON. It is expected that most unpatched internet-facing SAP applications have been already exploited and potentially compromised. Act now to protect your mission-critical applications!

Read more about Active Exploitation of the RECON Vulnerability

How to know if your SAP systems are affected by WannaCry

05/15/2017 | By

Pablo Artuso

|

Research

How to know if your SAP systems are affected by WannaCry

Implement newly released SAP Security Note: 2473454 to confirm your SAP systems are protected.

Read more about How to know if your SAP systems are affected by WannaCry

Onapsis Publishes Advisories for Cross Site Scripting and OS Command Injection Vulnerabilities

09/21/2016 | By

Pablo Artuso

|

Research

Onapsis Publishes Advisories for Cross Site Scripting and OS Command Injection Vulnerabilities

Today, the Onapsis Research Labs released 14 advisories for SAP and 6 for Oracle E-Business Suite. All of the SAP advisories pertain to SAP NetWeaver - the technical integration platform on top of which enterprise and business solutions are developed and run. Half of these advisories for SAP NetWeaver relate to remote command execution vulnerabilities, which will be explained later in this post. On the Oracle side, all six advisories relate to cross-site scripting (XSS) attacks on the core business application Oracle E-Business Suite.

Read more about Onapsis Publishes Advisories for Cross Site Scripting and OS Command Injection Vulnerabilities

The Onapsis Blog

Pablo Artuso

Security Researcher

Active Exploitation of the RECON Vulnerability

How to know if your SAP systems are affected by WannaCry

Onapsis Publishes Advisories for Cross Site Scripting and OS Command Injection Vulnerabilities

Categories

Newsletter

Meet the Authors

Request a
Business Risk Illustration

OPERATIONAL RESILIENCY ASSESSMENT

AUDIT EFFICIENCY ASSESSMENT

CYBER RISK
ASSESSMENT

Highly reviewed by Gartner Peer Insights

The Onapsis Blog

Pablo Artuso

Security Researcher

Active Exploitation of the RECON Vulnerability

How to know if your SAP systems are affected by WannaCry

Onapsis Publishes Advisories for Cross Site Scripting and OS Command Injection Vulnerabilities

Categories

Newsletter

Subscribe to our monthly newsletter, the Defender’s Digest.

Meet the Authors

Request aBusiness Risk Illustration

OPERATIONAL RESILIENCY ASSESSMENT

AUDIT EFFICIENCY ASSESSMENT

CYBER RISK ASSESSMENT

Highly reviewed by Gartner Peer Insights

Subscribe to our monthly newsletter, the Defender’s Digest.

Request a
Business Risk Illustration

CYBER RISK
ASSESSMENT