SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

03/19/2021

SAP Java OS Remote Code Execution

Impact On Business: A malicious authenticated attacker could abuse some particular services exposed by the SAP JAVA NetWeaver, allowing them to execute commands in the underlying operating system.

Affected Components Description: SAP NetWeaver JAVA is a foundational layer which is used by several SAP products, such as: SAP Enterprise portal, SAP Solution Manager, SAP PI/PO…

03/19/2021

Unauthenticated RCE in SAP SMD Agents through SAP SolMan

Impact On Business: A malicious unauthenticated user could abuse the lack of authentication check on SAP Solution Manager User-Experience Monitoring web service, allowing them to remotely execute commands in all hosts connected to the targeted SolMan through these SMD Agents.

Affected Components Description: SAP SolMan 7.2 introduces a bunch of web services which run on…

06/14/2018

Oracle E-Business Suite SQL Injection in GanttDataServer

By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements.

06/14/2018

Oracle E-Business Suite SQL Injection in ieurequesthandler

By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements.

06/14/2018

Oracle E-Business Suite SQL Injection in Shopfloor Server

By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements.

06/14/2018

Oracle OpenJDK Denial Of Service

By exploiting this vulnerability, an unauthenticated attacker could render the platform inoperative.

06/13/2018

Oracle E-Business Suite SQL Injection in DataManagerServer

By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements.

02/09/2018

Oracle E-Business Suite SQL Injections

By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements.

09/21/2016

SAP OS Command Injection in PREPARE_CHECK_CAPACITY

By exploiting this SAP NetWeaver vulnerability, an attacker could tamper with the audit logs, hiding his trail after an attack on an SAP system.
