Sitemap | Terms of Use | Privacy Policy |
Quality Policy | Disclosure Policy |
Security Vulnerability Reporting Guidelines |
©2024 Onapsis | All rights reserved
Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.
SAP Netweaver JAVAHigh
04/15/2024
SAP Netweaver JAVAMedium
03/07/2024
SAP Netweaver JAVAMedium
02/01/2024
SAP Netweaver JAVAMedium
02/01/2024
SAP Netweaver JAVAMedium
01/29/2024
SAP Netweaver JAVACritical
01/10/2024
SAP Netweaver JAVACritical
11/03/2023
SAP Netweaver JAVACritical
11/01/2023
SAP Netweaver JAVACritical
10/30/2023
SAP Netweaver JAVACritical
10/26/2023
SAP Netweaver JAVAHigh
04/05/2022
Impact On Business This vulnerability can be used by an attacker to make a Denial of Service to SAP Netweaver Java, making...
SAP Enterprise PortalMedium
01/26/2022
SAPCritical
12/15/2021
Note: Please bear in mind that all the information provided here is subject to change due to how quickly new attacks and...
SAP Enterprise PortalMedium
11/21/2021
SAP KERNELMedium
11/21/2021
SAP KERNELHigh
11/21/2021
SAP Netweaver JAVAHigh
11/21/2021
Wily Introscope EnterpriseHigh
06/14/2021
SAP Hybris eCommerceHigh
06/14/2021
SAP Hybris eCommerceHigh
06/14/2021
Solution ManagerHigh
06/14/2021
SAP Solution ManagerCritical
06/14/2021
Wily Introscope EnterpriseCritical
06/14/2021
SAP MIICritical
06/14/2021
SAP NetweaverHigh
03/19/2021
Solution ManagerCritical
03/19/2021
SAP KERNELLow
07/29/2019
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
Oracle E-Business SuiteHigh
07/18/2018
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
Oracle E-Business SuiteHigh
07/18/2018
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
SAP ERPMedium
06/14/2018
By exploiting this vulnerability, an attacker who previously accessed a mobile phone connected to an SAP system could potentially...
SAP BusinessObjectsMedium
06/14/2018
By exploiting this vulnerability an attacker could discover information relating to servers. This information could be used...
SAP BusinessObjectsMedium
06/14/2018
By exploiting this vulnerability an attacker could shut down all SAP systems. Please fill out the form to download the security...
SAP ERPMedium
06/14/2018
By exploiting this vulnerability, a remote unauthenticated attacker could get business information. Please fill out the form...
SAP HANAMedium
06/14/2018
By exploiting this vulnerability, a remote unauthenticated attacker could get information about the system architecture....
SAP NetweaverMedium
06/14/2018
By exploiting this vulnerability, a remote unauthenticated attacker may discover security vulnerabilities affecting the system,...
SAP NetweaverMedium
06/14/2018
By exploiting this vulnerability, a remote unauthenticated attacker may discover security vulnerabilities affecting the system,...
SAP KERNELMedium
06/14/2018
By exploiting this vulnerability an unauthenticated attacker could access and modify any information indexed by the SAP system....
Oracle E-Business SuiteHigh
06/14/2018
By exploiting this vulnerability, a remote unauthenticated attacker could get sensitive information. Please fill out the...
Oracle E-Business SuiteHigh
06/14/2018
By exploiting this vulnerability, a remote unauthenticated attacker could modify business information. Please fill out the...
Oracle E-Business SuiteHigh
06/14/2018
By exploiting this vulnerability, a remote unauthenticated attacker could get sensitive information. Please fill out the...
Oracle E-Business SuiteHigh
06/14/2018
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected...
Oracle E-Business SuiteCritical
06/14/2018
By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements. Please fill out the...
Oracle E-Business SuiteCritical
06/14/2018
By exploiting this vulnerability, unauthenticated attacker could execute arbitrary SQL statements. Please fill out the form...
Oracle E-Business SuiteCritical
06/14/2018
By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements. Please fill out the...
Oracle E-Business SuiteCritical
06/14/2018
By exploiting this vulnerability, an unauthenticated attacker could render the platform in-operative.
Oracle E-Business SuiteCritical
06/13/2018
By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements. Please fill out the...
Oracle E-Business SuiteMedium
02/09/2018
By exploiting this vulnerability, a remote unauthenticated attacker could get access to sensitive information. Please fill...
Oracle E-Business SuiteMedium
02/09/2018
By exploiting this vulnerability, a remote authenticated attacker could modify calendar events. Please fill out the form...
SAP NetweaverMedium
02/09/2018
By exploiting this vulnerability, a remote unauthenticated attacker could get information about the system architecture....
SAP NetweaverMedium
02/09/2018
By exploiting this vulnerability, an unauthenticated attacker could inject malicious code in the back-office application...
SAP MobileMedium
02/09/2018
By exploiting this vulnerability, an unauthenticated attacker may obtain clear-text passwords of SAP Mobile users and get...
SAP MobileMedium
02/09/2018
By exploiting this vulnerability, a remote attacker may obtain clear-text passwords of SAP Mobile Defense and Security users...
SAP MobileMedium
02/09/2018
By exploiting this vulnerability, a remote attacker may obtain clear-text passwords of SAP Mobile Defense and Security users...
Oracle E-Business SuiteHigh
02/09/2018
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected...
Oracle E-Business SuiteCritical
02/09/2018
By exploiting this vulnerability, unauthenticated attacker could execute arbitrary SQL statements. Please fill out the form...
SAP BusinessObjectsMedium
07/18/2017
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
SAP NetweaverMedium
06/13/2017
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
SAP J2EEHigh
06/13/2017
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
Oracle E-Business SuiteMedium
09/21/2016
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Oracle E-Business SuiteMedium
09/21/2016
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Oracle E-Business SuiteMedium
09/21/2016
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Oracle E-Business SuiteMedium
09/21/2016
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Oracle E-Business SuiteMedium
09/21/2016
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
SAP NetweaverMedium
09/21/2016
By exploiting this SAP Netweaver vulnerability, an attacker could obtain access to additional SAP systems, therefore potentially...
SAP NetweaverMedium
09/21/2016
By exploiting this SAP Netweaver vulnerability, an attacker could tamper the audit logs, hiding the evidence after an attack...
SAP NetweaverMedium
09/21/2016
By exploiting this SAP Netweaver vulnerability, an attacker could impersonate another person. Please fill in the following...
SAP NetweaverMedium
09/21/2016
By exploiting this SAP Netweaver vulnerability, an attacker could bypass protections implemented in the SAP systems, potentially...
SAP NetweaverHigh
09/21/2016
By exploiting this SAP Netweaver vulnerability, an attacker could tamper the audit logs, hiding his trails after an attack...
SAP NetweaverCritical
09/21/2016
By exploiting this SAP Netweaver vulnerability, an attacker could tamper the audit logs, hiding his trails after an attack...
SAP NetweaverCritical
09/21/2016
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
SAP NetweaverCritical
09/21/2016
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
SAP NetweaverCritical
09/21/2016
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
SAP NetweaverCritical
09/21/2016
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
SAP NetweaverCritical
09/21/2016
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
Project SystemLow
09/21/2016
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
SAP NetweaverCritical
09/20/2016
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
JD EdwardsMedium
07/28/2016
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could shut down the Server Manager. Please...
Oracle E-Business SuiteMedium
07/28/2016
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Oracle E-Business SuiteMedium
07/28/2016
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Oracle E-Business SuiteMedium
07/28/2016
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Oracle E-Business SuiteMedium
07/28/2016
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
JD EdwardsHigh
07/28/2016
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could remotely shutdown the entire JD Edwards...
JD EdwardsCritical
07/28/2016
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could achieve administrative rights and would...
JD EdwardsCritical
07/28/2016
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could create users in the Server Manager,...
JD EdwardsCritical
07/28/2016
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could retrieve the administration user and...
SAP HANAMedium
07/20/2016
By exploiting this SAP HANA vulnerability, a remote unauthenticated attacker could obtain technical information about the...
SAP HANAMedium
07/20/2016
By exploiting this SAP HANA vulnerability, a remote unauthenticated attacker could obtain valid usernames that could be used...
SAP TREXMedium
07/20/2016
By exploiting this SAP TREX vulnerability, an attacker could discover information relating to servers. This information could...
SAP HANAHigh
07/20/2016
By exploiting this SAP HANA vulnerability, an attacker could tamper the audit logs, hiding evidence of an attack to a HANA...
SAP TREXHigh
07/20/2016
By exploiting this SAP TREX vulnerability an unauthenticated attacker could modify any information indexed by the SAP system....
SAP TREXHigh
07/20/2016
By exploiting this SAP TREX vulnerability, a remote unauthenticated attacker could access arbitrary business information...
SAP TREXCritical
07/20/2016
By exploiting this SAP TREX vulnerability, an unauthenticated attacker could access and modify any information indexed by...
SAP HANALow
07/20/2016
By exploiting this SAP HANA vulnerability, an attacker could access business information indexed by the SAP system. Please...
SAP HANAMedium
11/09/2015
By exploiting this SAP HANA vulnerability, an unauthenticated attacker could render the system unavailable and potentially...
SAP HANAMedium
11/09/2015
By exploiting this vulnerability, an unauthenticated attacker could obtain technical information that could be used by an...
SAP HANAMedium
11/09/2015
By exploiting this vulnerability, an unauthenticated attacker could potentially render the system unavailable. Please fill...
SAP HANAMedium
11/09/2015
By exploiting this vulnerability, an unauthenticated attacker could obtain technical information of the SAP HANA System which...
SAP HANAMedium
11/09/2015
By exploiting this vulnerability, an unauthenticated attacker could obtain technical information of the SAP HANA System which...
SAP HANAMedium
11/09/2015
By exploiting this vulnerability, an unauthenticated attacker could obtain technical information of the SAP HANA System which...
SAP HANAHigh
11/09/2015
By exploiting this vulnerability, a remote authenticated attacker could render the SAP HANA Platform unavailable to other...
SAP HANAHigh
11/09/2015
By exploiting this vulnerability, an unauthenticated attacker could render the SAP HANA system completely unavailable due...
SAP HANAHigh
11/09/2015
By exploiting this SAP HANA vulnerability, an unauthenticated attacker could copy business-relevant information from the...
SAP HANAHigh
11/09/2015
By exploiting this vulnerability, an unauthenticated attacker could copy business-relevant information from the SAP HANA...
SAP HANAHigh
11/09/2015
By exploiting this vulnerability, an unauthenticated attacker could read arbitrary business-relevant information from the...
SAP HANAHigh
11/09/2015
By exploiting this vulnerability, an unauthenticated attacker could render the SAP HANA system completely unavailable due...
SAP HANACritical
11/09/2015
By exploiting this vulnerability, an unauthenticated attacker could completely compromise the system, and would be able to...
SAP HANACritical
11/09/2015
By exploiting this vulnerability, a remote unauthenticated attacker could completely compromise the system, and would be...
SAP HANACritical
11/09/2015
By exploiting this vulnerability, an unauthenticated attacker could completely compromise the system and would be able to...
SAP HANACritical
11/09/2015
By exploiting this SAP HANA vulnerability, an unauthenticated attacker could delete business-relevant information from the...
SAP HANACritical
11/09/2015
By exploiting this vulnerability, an unauthenticated attacker could relocate the information stored in the SAP HANA System...
SAP HANACritical
11/09/2015
By exploiting this SAP HANA vulnerability, an unauthenticated attacker could override business-relevant information in the...
SAP HANACritical
11/09/2015
By exploiting this vulnerability, an unauthenticated attacker could completely compromise the system, and would be able to...
SAP HANAMedium
11/08/2015
By exploiting this vulnerability, a remote unauthenticated attacker could remotely read technical information that could...
SAP BusinessObjectsLow
09/21/2015
By exploiting this vulnerability, an attacker could hide audit information logged by the SAP system. Please fill in the following...
SAP HANAMedium
03/12/2015
By exploiting this vulnerability a remote unauthenticated attacker would be able to attack other users of the system. Please...
SAP KERNELMedium
01/04/2011
By Abusing this SAP KERNEL functionality, a remote and unauthenticated attacker would be able to gain sensitive information...