SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

07/18/2025

SAP EA-DFPS – Syslog pollution

Impact On Business
By polluting the main SAP system log (the syslog), an attacker could, among other things:
- Hide malicious activity in the noise
- Force the syslog to reach its size limit so that it wraps and overwrites earlier entries, removing the record of their activity
- Add false alerts to create a distraction

Affected Components

Description
From the official SAP website. Due to the specific…
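All three outcomes above depend on one thing the defender can measure: an abnormal write rate into the syslog. The following script is an added example written for this page (not Onapsis's or SAP's tooling) that runs a sliding-window rate check over constructed syslog-style lines. The "time|user|terminal|msgid|text" layout is a simplified stand-in for the fields SM21 displays, not the real on-disk SLOG format; the thresholds and the sample entries are assumptions chosen for illustration.

```python
"""Rate-based detector for SAP syslog flooding (added example).

Illustration code written for this page, not Onapsis's or SAP's tooling.
The "time|user|terminal|msgid|text" layout is a constructed simplification
of the fields SM21 displays; it is NOT the real SLOG file format, so adapt
parse() to whatever syslog export you actually use.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed baseline: a few routine logons spread over ten minutes.
BASELINE = [
    "2025-07-18 09:00:01|ALICE|WS-0101|AU1|Logon successful (type=A)",
    "2025-07-18 09:03:12|BOB|WS-0202|AU1|Logon successful (type=A)",
    "2025-07-18 09:07:45|ALICE|WS-0101|AU3|RFC logon successful",
    "2025-07-18 09:12:30|CAROL|WS-0303|AU1|Logon successful (type=A)",
]

# Constructed burst: one user/terminal writes 30 identical entries in
# 30 seconds. Sustained, this is how an attacker pushes a size-capped,
# wrapping syslog past its limit or buries genuine entries under noise.
BURST = [
    f"2025-07-18 09:15:{sec:02d}|MALLORY|WS-0909|AU2|Logon failed (reason=1)"
    for sec in range(30)
]

SAMPLE_LOG = BASELINE + BURST


def parse(line):
    """Split one constructed log line into a dict with a datetime."""
    ts, user, terminal, msgid, text = line.split("|", 4)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
        "user": user,
        "terminal": terminal,
        "msgid": msgid,
        "text": text,
    }


def detect_flood(lines, window=timedelta(seconds=60),
                 max_per_source=10, max_same_msg=10):
    """Flag sources and messages that exceed a count within a sliding window.

    Two independent checks run over the time-ordered events:
      * source_burst: more than max_per_source entries from one
        (user, terminal) pair inside `window`, regardless of content;
      * repeated_message: more than max_same_msg copies of one
        (msgid, text) inside `window`, regardless of who wrote them.
    Each key is reported once, with the count at the moment it crossed
    the threshold, so a long flood does not itself produce thousands of
    findings (which would just be a second flood, in your SIEM).
    """
    events = sorted((parse(line) for line in lines), key=lambda e: e["ts"])
    per_source = defaultdict(deque)   # (user, terminal) -> timestamps in window
    per_message = defaultdict(deque)  # (msgid, text)    -> timestamps in window
    findings, already_flagged = [], set()

    for ev in events:
        src = (ev["user"], ev["terminal"])
        msg = (ev["msgid"], ev["text"])
        checks = (
            ("source_burst", src, per_source[src], max_per_source),
            ("repeated_message", msg, per_message[msg], max_same_msg),
        )
        for kind, key, recent, limit in checks:
            recent.append(ev["ts"])
            # Drop timestamps that have aged out of the sliding window.
            while ev["ts"] - recent[0] > window:
                recent.popleft()
            if len(recent) > limit and (kind, key) not in already_flagged:
                already_flagged.add((kind, key))
                findings.append({
                    "kind": kind,
                    "key": key,
                    "count": len(recent),
                    "first_seen": recent[0],
                    "last_seen": ev["ts"],
                })
    return findings


if __name__ == "__main__":
    for f in detect_flood(SAMPLE_LOG):
        print(f"{f['kind']}: {f['key']} x{f['count']} between "
              f"{f['first_seen']:%H:%M:%S} and {f['last_seen']:%H:%M:%S}")
```

Running the script reports MALLORY/WS-0909 as a source burst and the repeated "Logon failed" message, both crossing the threshold at the 11th entry. The check only helps if the entries still exist when it runs: the local SAP syslog file is size-capped (profile parameter rslg/max_diskspace_local) and wraps when full, which is exactly the behaviour the second bullet above abuses, so forward the syslog to central storage continuously rather than polling the local file after the fact.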

07/17/2025

Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP

Impact On Business
The impact depends on the victim's privileges. In most cases, a successful attack allows an attacker to hijack the victim's session, or to force the victim to perform an undesired request in SAP NetWeaver AS ABAP.

Affected Components

Description
SAP NetWeaver Application Server for ABAP provides…

12/15/2021

Guidance for CVE-2021-44228 (Log4Shell) and SAP Applications

Note: Please bear in mind that all the information provided here is subject to change because of how quickly new attacks, and evasions of the proposed mitigations, are being found.

Information on this page last updated 10 AM EST on 27 December 2021

UPDATES 12/27/2021:

UPDATES 12/17/2021:

Introduction
On December 9th, a critical vulnerability (CVE-2021-44228) was…

03/19/2021

SAP Multiple root LPE through SAP Host Control

Impact On Business
A malicious authenticated attacker with the privileges of the SAP SMD Agent could abuse the lack of input sanitization in some SAP Host Control functions to escalate privileges and execute commands as the root/system user.

Affected Components

Description
The SAP Host Agent is an agent which allows controlling and monitoring SAP and non-SAP instances…