SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.
09/18/2024
SAP MII Remote Code Execution Due to Unrestricted File Upload
Impact On Business: An attacker that successfully exploits this vulnerability can execute OS Commands as adm user.
Affected Components Description: Tested on following versions: SAP Java 7.40 with SAP MII 15.3.
Vulnerability Details: SAP MII (Manufacturing Integration and Intelligence) has a platform called “Self Service…
03/19/2021
SAP Java OS Remote Code Execution
Impact On Business: A malicious authenticated attacker could abuse some particular services exposed by the SAP JAVA Netweaver allowing them to execute commands in the underlying operating system.
Affected Components Description: SAP NetWeaver JAVA is a foundational layer which is used by several SAP products, such as: SAP Enterprise portal, SAP Solution Manager, SAP PI/PO…
