SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

SAP Hybris eCommerce
High

06/14/2021

SAP Hybris eCommerce SSRF in Acceleratorservices Module

Impact On Business SAP Hybris accelerator services module is vulnerable to server side request forgery, which means that an authenticated attacker is able to perform POST requests to any valid URL. Affected Components Description SAP Hybris is an ecommerce product platform that is used to address a family of products involving Customer Experience and Management….

Read More
SAP Hybris eCommerce
High

06/14/2021

SAP Hybris eCommerce Exposure of Sensitive Information

Impact On Business An attacker can generate download-links sequentially targeting “impex” directory files. As a consequence, they will be able download most of these files, potentially disclosing critical Hybris information such as credentials. Affected Components Description SAP Hybris is an ecommerce platform that is used to address a family of products involving Customer Experience and…

Read More