Security Advisories

The Onapsis Research Labs delivers regular SAP® and Oracle® vulnerability research to our ecosystem of customers, partners and the information security industry.

Onapsis security advisories enable customers to better understand the security and business implications of discovered SAP and Oracle security issues. This enables organizations to prioritize patches, updates and their remediation strategies to ensure continuity of the business. Onapsis security advisories, together with vendor patches and security notes, are available for download to provide vendors and end-users with the necessary information to mitigate advanced threats to mission-critical applications running on SAP and Oracle.

High
SAP
01/26/2022
SAP Enterprise Portal - SSRF iviewCatcherEditor
Successful attacks can lead to various types of exploitation like CSRF, html injection, data exfiltration, depending on the victim's privileges.
High
SAP
01/26/2022
SAP Enterprise Portal - XSS NavigationReporter
Impact depends on the victim's privileges. In the worst case, a successful attack allows an attacker to hijack an administrator session and perform actions like exfiltrate data, change data or…
Critical
SAP
01/26/2022
SAP Enterprise Portal - XSLT injection
This XSLT vulnerability allows an unprivileged authenticated attacker to execute an OS command as SAP administrator OS-level (sidadm). This results in a full compromise of the confidentiality,…
High
SAP
01/26/2022
Null Pointer Dereference vulnerability in SAP CommonCryptoLib
An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system causing the system to crash…
Medium
SAP
01/26/2022
SAP Enterprise Portal - Anonymous Stored Open Redirect
This URL Redirection vulnerability in SAP Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This gives…
High
SAP
01/26/2022
SAP Enterprise Portal - XSS RunContentCreation
Impact depends on the victim's privileges. In the worst case, a successful attack allows an attacker to hijack an administrator session and perform actions like exfiltrate data, change data or…
Critical
12/15/2021
Guidance for CVE-2021-44228 (Log4Shell) and SAP Applications
This advisory intends to help defenders better assess which systems in the landscape need rapid attention, which workarounds are available, and where to look for additional details in case they need…
Low
SAP
06/14/2021
SAP Solution Manager Open Redirect from Trace Analysis
Under certain circumstances, an attacker might be able to steal a cookie from the application. It may impact the confidentiality of the service.
Critical
SAP
03/19/2021
Unauthenticated RCE in SAP SMD Agents through SAP SolMan
A malicious unauthenticated user could abuse the lack of authentication check on SAP Solution Manager User-Experience Monitoring web service, allowing them to remotely execute commands in all hosts…
Critical
SAP
03/19/2021
SAP Java OS Remote Code Execution
A malicious authenticated attacker could abuse some particular services exposed by the SAP JAVA Netweaver allowing them to execute commands in the underlying operating system.
High
SAP
03/19/2021
[SAP RECON] SAP JAVA: Unauthenticated execution of configuration tasks
A malicious unauthenticated user could abuse the lack of authentication check on a particular web service exposed by default in SAP Netweaver JAVA stack, allowing them to fully compromise the…
High
03/19/2021
SAP Multiple root LPE through SAP Host Control
A malicious authenticated attacker, with privileges of SAP SMD Agent access, could abuse some SAP Host Control functions' lack of sanitization, in order to escalate its privileges and execute…