SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

08/18/2025

XXE vulnerability in SAP NetWeaver AS Java – Guided Procedures

Impact On Business: Successful attacks impact the confidentiality of SAP Netweaver JAVA and allow an attacker to perform SSRF or retrieve files. Vulnerability Details: The servlet caf~eu~gp~model~iforms~eap in SAP Netweaver JAVA resolves external entities during the parsing of the fromprocessor XML response. Attackers…

08/18/2025

SAP Netweaver JAVA – Log viewer injection

Impact On Business: An unauthenticated attacker can use the login form to create additional information entries in SAP Log Viewer, which can obscure actions, complicate log analysis, and could break some automated log analyser tools. Vulnerability Details: It is possible to inject “NewLine” characters in…

08/16/2024

Unauthenticated potential RCE in FM_GPCR_OS_COMMAND P4 service

Impact On Business: An unauthenticated attacker with access to the P4 port of a SAP Solution Manager Java-based instance could execute OS commands and potentially compromise the targeted system. Affected Components Description: Tested on the following versions: Java Kernel versions: 7.50.3301.472568.20220902101413, 7.50.3301.467525.20210601093523, 7.50.3301.407179.20200416085516. SERVERCORE/CORE-TOOLS/J2EE-FRMW components…

08/16/2024

Unauthenticated blind SSRF in SmdSapHostAgentBridge

Impact On Business: An anonymous attacker with access to the P4 port of the Java instance of a Solution Manager could force the Diagnostic Agent to perform arbitrary server-side requests. As a consequence, internal infrastructure could be affected by leveraging the network position. Affected Components Description: Tested on the following versions:…

08/13/2024

Unauthenticated blind SSRF in SAPGrmgClassicCollector

Impact On Business: An anonymous attacker with access to the P4 port of the Java instance of a Solution Manager could force the Diagnostic Agent to perform arbitrary server-side requests. As a consequence, internal infrastructure could be affected by leveraging the network position. Affected Components Description: Tested on the following versions:…

08/13/2024

Unauthenticated blind SSRF in SAPPingHTTPCollector

Impact On Business: An anonymous attacker with access to the P4 port of the Java instance of a Solution Manager could force the Diagnostic Agent to perform arbitrary server-side requests. As a consequence, internal infrastructure could be affected by leveraging the network position. Affected Components Description: Tested on the following versions:…

08/13/2024

Unauthenticated RCE in EventLogServiceCollector

Impact On Business: An anonymous attacker with access to the P4 port of the Java instance of a Solution Manager running on Windows OS could execute arbitrary commands. As a consequence, despite having the possibility to fully compromise the targeted system, an attacker could leverage the network position to keep pivoting…

04/15/2024

Unauthenticated JNDI Injection in RemoteObjectFactory P4 service

Impact On Business: An unauthenticated attacker with access to the P4 port of a Java-based SAP solution would be able to exploit a JNDI injection in order to turn on applications. As a consequence, further attacks could be executed by leveraging flaws or features in the…

03/07/2024

Unauthenticated Information Disclosure in ObjectAnalyzer P4 service

Impact On Business: An unauthenticated attacker with access to the P4 port of a Java-based SAP solution would be able to exfiltrate sensitive technical information that could be leveraged for future attacks. This vulnerability is part of a bigger family named P4CHAINS. This group of bugs may cause…
