SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

09/18/2024

Multiple Reflected Cross Site Scripting vulnerabilities in SBSPEXT_PHTMLB package

Impact On Business: By exploiting any of these vulnerabilities, a remote attacker could trick users into clicking malicious links and, depending on the level of protection the browser provides, potentially steal user sessions or other information.
Affected Components Description: SAP_BASIS 700 SP…

03/19/2021

[SAP RECON] SAP JAVA: Unauthenticated execution of configuration tasks

Impact On Business: A malicious unauthenticated user could abuse the missing authentication check on a particular web service exposed by default in the SAP NetWeaver JAVA stack, allowing them to fully compromise the targeted system.
Affected Components Description: LM CONFIGURATION WIZARD is a part of SAP NetWeaver JAVA, which is a foundational layer used by…

06/14/2018

SAP SCI Information Disclosure HTTP

By exploiting this vulnerability, a remote unauthenticated attacker may discover security vulnerabilities affecting the system and potentially leverage them in a second step.

06/14/2018

SAP Code Injection

By exploiting this vulnerability, a remote attacker could access and modify any business information.

06/14/2018

SAP SCI Missing Authorization Check

By exploiting this vulnerability, a remote unauthenticated attacker may discover security vulnerabilities affecting the system and potentially leverage them in a second step.

02/09/2018

SAP Information Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker could obtain information about the system architecture.

02/09/2018

SAP Java CSV Injection

By exploiting this vulnerability, an unauthenticated attacker could inject malicious content into the back-office application in order to read or modify information.

06/13/2017

SAP Download Manager Weak Cryptography


09/21/2016

SAP OS Command Injection in SCTC_REORG_SPOOL

By exploiting this SAP NetWeaver vulnerability, an authenticated user could take full control of the system.

Page 2 of 4