Who we are

As the leading provider of security for SAP® and Oracle® EBS applications, Onapsis has developed unique insight into emerging threats that can affect your business-critical systems. That’s why we created Onapsis Research Labs, a team of ERP security experts who combine in-depth knowledge and experience to deliver technical analysis and alerts with a business context. Our team works closely with SAP and Oracle product security teams to responsibly deliver the information to customers. To date, we have released over 150 advisories. We’ve consulted with over 180 of our enterprise customers, and we regularly present at leading security, Oracle and SAP conferences around the world.

Advisories

We regularly issue advisories that help enterprises make sense of the business and security impact that new threats present.

Low | SAP | 07/29/2019
High | Oracle | 07/18/2018
By exploiting this vulnerability, a remote attacker could steal sensitive business information by redirecting users to a malicious site.
High | Oracle | 07/18/2018
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system.

Publications

These in-depth publications analyze security issues and aspects inherent in SAP and Oracle EBS applications.

SAP has issued three HotNews Security Notes for Solution Manager (SolMan), dating back to 2019. The most recent (March 2020) addresses a critical vulnerability. An exploit of this vulnerability can…
In February 2017, SAP released Security Note 2413716 regarding configuration changes to secure Trusted RFC for GRC Access Control (AC) Emergency Access Management (EAM), which was a High Priority…
SAP HANA is being pushed by SAP as the absolute in-memory database for its products, and more recently, as a standalone platform.

Threat Reports

Stay informed on the latest threats to the ERP landscape and get the information you need to help mitigate those threats.

Onapsis has discovered and worked with SAP to release a patch for the RECON vulnerabilities, affecting a component included in many SAP applications.
Oracle BigDebIT vulnerabilities put thousands of organizations at risk. Onapsis threat research has discovered this major financial and compliance risk to companies who may not have the latest patch…
Oracle PAYDAY vulnerabilities put thousands of organizations at risk. These unmitigated vulnerabilities can lead to cybersecurity risks: financial theft, fraud and business disruption.

Blog

Check out the blog often for the most timely updates, tips and trends relating to ERP security.

Oracle’s July 2019 CPU Patches Three Critical Vulnerabilities in E-Business Suite Reported by Onapsis
Posted 07/16/2019 by Christian Simko, Gaston Traberg, Martin Doyhenard, Michael Miller, Sebastian Bortnik
SAP Security Notes July ‘19: Critical Vulnerability Affecting Solution Manager
Posted 07/09/2019 by Agustin Dendarys
Cyber Weakness and the Impact on the Economy
Posted 06/25/2019 by Christian Simko

Further Reading

Want a more in-depth exploration? Start with these related pieces, then visit our Resources page for more.


Request a Business Risk Illustration

OPERATIONAL RESILIENCY ASSESSMENT

Prevent application downtime and costly business disruption

AUDIT EFFICIENCY ASSESSMENT

Eliminate resource-consuming manual audit processes

CYBER RISK ASSESSMENT

Reduce vulnerabilities and misconfiguration to protect the business
