SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

SAP Netweaver JAVAHigh
Impact On Business This vulnerability can be used by an attacker to make a Denial of Service to SAP Netweaver Java, making...
SAP Enterprise PortalCritical
SAPCritical
Note: Please bear in mind that all the information provided here is subject to change due to how quickly new attacks and...
SAP KERNELLow
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
Oracle E-Business SuiteHigh
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
Oracle E-Business SuiteHigh
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
SAP ERPMedium
By exploiting this vulnerability, an attacker who previously accessed a mobile phone connected to an SAP system could potentially...
SAP BusinessObjectsMedium
By exploiting this vulnerability an attacker could discover information relating to servers. This information could be used...
SAP BusinessObjectsMedium
By exploiting this vulnerability an attacker could shut down all SAP systems. Please fill out the form to download the security...
SAP ERPMedium
By exploiting this vulnerability, a remote unauthenticated attacker could get business information. Please fill out the form...
SAP HANAMedium
By exploiting this vulnerability, a remote unauthenticated attacker could get information about the system architecture....
SAP NetweaverMedium
By exploiting this vulnerability, a remote unauthenticated attacker may discover security vulnerabilities affecting the system,...
SAP NetweaverMedium
By exploiting this vulnerability, a remote unauthenticated attacker may discover security vulnerabilities affecting the system,...
SAP KERNELMedium
By exploiting this vulnerability an unauthenticated attacker could access and modify any information indexed by the SAP system....
Oracle E-Business SuiteHigh
By exploiting this vulnerability, a remote unauthenticated attacker could get sensitive information. Please fill out the...
Oracle E-Business SuiteHigh
By exploiting this vulnerability, a remote unauthenticated attacker could modify business information. Please fill out the...
Oracle E-Business SuiteHigh
By exploiting this vulnerability, a remote unauthenticated attacker could get sensitive information. Please fill out the...
Oracle E-Business SuiteHigh
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected...
SAP NetweaverHigh
Oracle E-Business SuiteCritical
By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements. Please fill out the...
Oracle E-Business SuiteCritical
By exploiting this vulnerability, unauthenticated attacker could execute arbitrary SQL statements. Please fill out the form...
Oracle E-Business SuiteCritical
By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements. Please fill out the...
Oracle E-Business SuiteCritical
By exploiting this vulnerability, an unauthenticated attacker could render the platform in-operative.
Oracle E-Business SuiteCritical
By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements. Please fill out the...
Oracle E-Business SuiteMedium
By exploiting this vulnerability, a remote unauthenticated attacker could get access to sensitive information. Please fill...
Oracle E-Business SuiteMedium
By exploiting this vulnerability, a remote authenticated attacker could modify calendar events. Please fill out the form...
SAP NetweaverMedium
By exploiting this vulnerability, a remote unauthenticated attacker could get information about the system architecture....
SAP NetweaverMedium
By exploiting this vulnerability, an unauthenticated attacker could inject malicious code in the back-office application...
SAP MobileMedium
By exploiting this vulnerability, an unauthenticated attacker may obtain clear-text passwords of SAP Mobile users and get...
SAP MobileMedium
By exploiting this vulnerability, a remote attacker may obtain clear-text passwords of SAP Mobile Defense and Security users...
SAP MobileMedium
By exploiting this vulnerability, a remote attacker may obtain clear-text passwords of SAP Mobile Defense and Security users...
Oracle E-Business SuiteHigh
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected...
Oracle E-Business SuiteCritical
By exploiting this vulnerability, unauthenticated attacker could execute arbitrary SQL statements. Please fill out the form...
SAP BusinessObjectsMedium
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
SAP NetweaverMedium
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
SAP J2EEHigh
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
Oracle E-Business SuiteMedium
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Oracle E-Business SuiteMedium
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Oracle E-Business SuiteMedium
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Oracle E-Business SuiteMedium
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Oracle E-Business SuiteMedium
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
SAP NetweaverMedium
By exploiting this SAP Netweaver vulnerability, an attacker could obtain access to additional SAP systems, therefore potentially...
SAP NetweaverMedium
By exploiting this SAP Netweaver vulnerability, an attacker could tamper the audit logs, hiding the evidence after an attack...
SAP NetweaverMedium
By exploiting this SAP Netweaver vulnerability, an attacker could impersonate another person. Please fill in the following...
SAP NetweaverMedium
By exploiting this SAP Netweaver vulnerability, an attacker could bypass protections implemented in the SAP systems, potentially...
SAP NetweaverHigh
By exploiting this SAP Netweaver vulnerability, an attacker could tamper the audit logs, hiding his trails after an attack...
SAP NetweaverCritical
By exploiting this SAP Netweaver vulnerability, an attacker could tamper the audit logs, hiding his trails after an attack...
SAP NetweaverCritical
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
SAP NetweaverCritical
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
SAP NetweaverCritical
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
SAP NetweaverCritical
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
SAP NetweaverCritical
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
Project SystemLow
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
SAP NetweaverCritical
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
JD EdwardsMedium
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could shut down the Server Manager. Please...
Oracle E-Business SuiteMedium
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Oracle E-Business SuiteMedium
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Oracle E-Business SuiteMedium
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Oracle E-Business SuiteMedium
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
JD EdwardsHigh
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could remotely shutdown the entire JD Edwards...
JD EdwardsCritical
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could achieve administrative rights and would...
JD EdwardsCritical
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could create users in the Server Manager,...
JD EdwardsCritical
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could retrieve the administration user and...
SAP HANAMedium
By exploiting this SAP HANA vulnerability, a remote unauthenticated attacker could obtain technical information about the...
SAP HANAMedium
By exploiting this SAP HANA vulnerability, a remote unauthenticated attacker could obtain valid usernames that could be used...
SAP TREXMedium
By exploiting this SAP TREX vulnerability, an attacker could discover information relating to servers. This information could...
SAP HANAHigh
By exploiting this SAP HANA vulnerability, an attacker could tamper the audit logs, hiding evidence of an attack to a HANA...
SAP TREXHigh
By exploiting this SAP TREX vulnerability an unauthenticated attacker could modify any information indexed by the SAP system....
SAP TREXHigh
By exploiting this SAP TREX vulnerability, a remote unauthenticated attacker could access arbitrary business information...
SAP TREXCritical
By exploiting this SAP TREX vulnerability, an unauthenticated attacker could access and modify any information indexed by...
SAP HANALow
By exploiting this SAP HANA vulnerability, an attacker could access business information indexed by the SAP system. Please...
SAP HANAMedium
By exploiting this SAP HANA vulnerability, an unauthenticated attacker could render the system unavailable and potentially...
SAP HANAMedium
By exploiting this vulnerability, an unauthenticated attacker could obtain technical information that could be used by an...
SAP HANAMedium
By exploiting this vulnerability, an unauthenticated attacker could potentially render the system unavailable. Please fill...
SAP HANAMedium
By exploiting this vulnerability, an unauthenticated attacker could obtain technical information of the SAP HANA System which...
SAP HANAMedium
By exploiting this vulnerability, an unauthenticated attacker could obtain technical information of the SAP HANA System which...
SAP HANAMedium
By exploiting this vulnerability, an unauthenticated attacker could obtain technical information of the SAP HANA System which...
SAP HANAHigh
By exploiting this vulnerability, a remote authenticated attacker could render the SAP HANA Platform unavailable to other...
SAP HANAHigh
By exploiting this vulnerability, an unauthenticated attacker could render the SAP HANA system completely unavailable due...
SAP HANAHigh
By exploiting this SAP HANA vulnerability, an unauthenticated attacker could copy business-relevant information from the...
SAP HANAHigh
By exploiting this vulnerability, an unauthenticated attacker could copy business-relevant information from the SAP HANA...
SAP HANAHigh
By exploiting this vulnerability, an unauthenticated attacker could read arbitrary business-relevant information from the...
SAP HANAHigh
By exploiting this vulnerability, an unauthenticated attacker could render the SAP HANA system completely unavailable due...
SAP HANACritical
By exploiting this vulnerability, an unauthenticated attacker could completely compromise the system, and would be able to...
SAP HANACritical
By exploiting this vulnerability, a remote unauthenticated attacker could completely compromise the system, and would be...
SAP HANACritical
By exploiting this vulnerability, an unauthenticated attacker could completely compromise the system and would be able to...
SAP HANACritical
By exploiting this SAP HANA vulnerability, an unauthenticated attacker could delete business-relevant information from the...
SAP HANACritical
By exploiting this vulnerability, an unauthenticated attacker could relocate the information stored in the SAP HANA System...
SAP HANACritical
By exploiting this SAP HANA vulnerability, an unauthenticated attacker could override business-relevant information in the...
SAP HANACritical
By exploiting this vulnerability, an unauthenticated attacker could completely compromise the system, and would be able to...
SAP HANAMedium
By exploiting this vulnerability, a remote unauthenticated attacker could remotely read technical information that could...
SAP BusinessObjectsLow
By exploiting this vulnerability, an attacker could hide audit information logged by the SAP system. Please fill in the following...
SAP HANAMedium
By exploiting this vulnerability a remote unauthenticated attacker would be able to attack other users of the system. Please...
SAP KERNELMedium
By Abusing this SAP KERNEL functionality, a remote and unauthenticated attacker would be able to gain sensitive information...