Onapsis Research Labs

Who we are

As the leading provider of security for SAP® and Oracle® EBS applications, Onapsis has developed unique insight into emerging threats that can affect your business-critical systems. That’s why we created Onapsis Research Labs, a team of ERP security experts who combine in-depth knowledge and experience to deliver technical analysis and alerts with a business context. Our team works closely with SAP and Oracle product security teams to responsibly deliver the information to customers. To date, we have released over 150 advisories. We’ve consulted with over 180 of our enterprise customers, and we regularly present at leading security, Oracle and SAP conferences around the world.

Advisories

We regularly issue advisories that help enterprises make sense of the business and security impact that new threats present.

All Advisories
Low
SAP
07/29/2019
SAP SDLREG Fixed Key for Encryption
Please fill in the following form in order to download the selected Onapsis' resource. The system will send you a download link to your email.
High
Oracle
07/18/2018
Multiple Oracle E-Business Suite Open Redirection
By exploiting this vulnerability, a remote attacker could steal sensitive business information by redirecting users to a malicious site.
High
Oracle
07/18/2018
Multiple Oracle E-Business Suite Cross-Site Scripting (XSS)
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system.

Publications

These in-depth publications analyze security issues and aspects inherent in SAP and Oracle EBS applications.

All Publications
Volume XVII: Remote Function Call: The Whole Picture
The aim of this publication is to fully introduce and explain the concept of Remote Function Call (RFC) and the impact on the Gateway and Message Server.
Learn more
Volume XVI: SAP®️ Security In-Depth: Switchable Authorization Checks: New Workbench and Scenarios
This SAP Security In-depth attempts to fully introduce and explain the concept of Switchable Authorization Checks. How it works, why it’s important and how to implement a Switchable Authorization…
Learn more
Volume XV: SAP® Security In-Depth: Preventing Cyberattacks Against SAP Solution Manager
SAP has issued three HotNews Security Notes for Solution Manager (SolMan), dating back to 2019. The most recent (March 2020) addresses a critical vulnerability. An exploit of this vulnerability can…
Learn more

Threat Reports

Stay informed on the latest threats to the ERP landscape and get the information you need to help mitigate those threats.

All Threat Reports
Active Cyberattacks on Mission-Critical SAP Applications
Active Cyberattacks on Mission-Critical SAP Applications
A critical cybersecurity blind spot impacting how many organizations protect their mission-critical SAP applications is detailed in this joint report from Onapsis and SAP. Learn how threat actors are…
Learn more
RECON SAP vulnerability
RECON SAP vulnerability affects over 40,000 SAP customers
Onapsis has discovered and worked with SAP to release a patch for the RECON vulnerabilities, affecting a component included in many SAP applications.
Learn more
Onapsis BigDebIT Threat Report
BigDebIT VULNERABILITIES IN ORACLE EBS PUT THOUSANDS OF ORGANIZATIONS AT RISK
Oracle BigDebIT vulnerabilities put thousands of organizations at risk. Onapsis threat research has discovered this major financial and compliance risk to companies who may not have the latest patch…
Learn more

Blog

Check out the blog often for the most timely updates, tips and trends relating to ERP security.

All Blog Posts
BLOG
Oracle’s July 2019 CPU Patches Three Critical Vulnerabilities in E-Business Suite Reported by Onapsis
Posted 07/16/2019 by Christian Simko, Gaston Traberg, Martin Doyhenard, Michael Miller, Sebastian Bortnik
Read more
BLOG
SAP Security Notes July ‘19: Critical Vulnerability Affecting Solution Manager
Posted 07/09/2019 by
Read more
BLOG
Cyber Weakness and the Impact on the Economy
Posted 06/25/2019 by Christian Simko
Read more

Further
Reading

Want a more in-depth exploration? Start with these related pieces, then visit our Resources page for more.

All resources
10KBLAZE report
Reports
10KBLAZE
Read more
Why is Protecting ERP Critical to Businesses?
Videos
Why is Protecting ERP Critical to Businesses?
Read more
10KBLAZE report
Reports
10KBLAZE threat report
Read more

Request a
Business Risk Illustration

OPERATIONAL RESILIENCY ASSESSMENT

Prevent application downtime and costly business disruption

Request an Assessment
AUDIT EFFICIENCY ASSESSMENT

Eliminate resource consuming manual audit processes

Request an Assessment
CYBER RISK 
ASSESSMENT

Reduce vulnerabilities and misconfiguration to protect the business

Request an Assessment