SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

Solution Manager
High

06/14/2021

Missing Authorization Check in SAP SolMan Experience Monitoring

Impact On Business Any authenticated user of the Solution Manager is able to craft/ upload and execute EEM scripts on the SMDAgents affecting its Integrity, Confidentiality and Availability. Affected Components Description SAP SolMan 7.2 introduces a bunch of web services which run on top of the SAP Java NetWeaver stack. The affected versions have a…

Read More
Solution Manager
Critical

03/19/2021

Unauthenticated RCE in SAP SMD Agents through SAP SolMan

Impact On Business A malicious unauthenticated user could abuse the lack of authentication check on SAP Solution Manager User-Experience Monitoring web service, allowing them to remotely execute commands in all hosts connected to the targeted SolMan through these SMD Agents. Affected Components Description SAP SolMan 7.2 introduces a bunch of web services which run on…

Read More