SAP® and Oracle® Security Advisories
Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.
09/21/2016
SAP Console Insecure Password Storage
By exploiting this SAP Netweaver vulnerability, an attacker could obtain access to additional SAP systems, therefore potentially compromising these systems, as well as the information stored and processed by them. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email….
09/21/2016
SAP Security Audit Log Invalid Address Logging
By exploiting this SAP Netweaver vulnerability, an attacker could tamper the audit logs, hiding his trails after an attack to a SAP system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…
09/21/2016
SAP UCON Security Protection Bypass
By exploiting this SAP Netweaver vulnerability, an attacker could bypass protections implemented in the SAP systems, potentially executing arbitrary business processes. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/21/2016
SAP Gateway Arbitrary Log Injection
By exploiting this SAP Netweaver vulnerability, an attacker could tamper the audit logs, hiding the evidence after an attack to a SAP system Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…
09/21/2016
SAP Missing Signature Check in DSA Algorithm
By exploiting this SAP Netweaver vulnerability, an attacker could impersonate another person. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/21/2016
SAP OS Command Injection in PREPARE_CHECK_CAPACITY
By exploiting this SAP Netweaver vulnerability, an attacker could tamper the audit logs, hiding his trails after an attack to a SAP system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…
09/21/2016
SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/21/2016
SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/21/2016
SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits: