SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

11/21/2021

XXE Vulnerability in SAP JAVA NetWeaver System Connections

Impact On Business: A high-privileged SAP JAVA NetWeaver user is able to abuse an XXE vulnerability with the goal of reading files from the OS (compromising confidentiality) and/or making system processes crash (compromising availability).
Affected Components
Description: The ESP framework is a framework used inside SAP JAVA NetWeaver. Due to being part of this foundational…

06/14/2021

Missing Authentication Check In SAP NetWeaver

Impact On Business: A malicious unauthenticated user could abuse the lack of an authentication check on SAP Java P2P cluster communication in order to connect to the respective TCP ports and perform different privileged actions, such as:
- Installing new trusted SSO providers
- Changing database connection parameters
- Gaining access to configuration information
- Modifying network configurations and potentially…
