SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

Solution Manager
Critical

03/19/2021

Unauthenticated RCE in SAP SMD Agents through SAP SolMan

Impact On Business A malicious unauthenticated user could abuse the lack of authentication check on SAP Solution Manager User-Experience Monitoring web service, allowing them to remotely execute commands in all hosts connected to the targeted SolMan through these SMD Agents. Affected Components Description SAP SolMan 7.2 introduces a bunch of web services which run on…

Read More
SAP JAVA
Critical

03/19/2021

SAP Java OS Remote Code Execution

Impact On Business A malicious authenticated attacker could abuse some particular services exposed by the SAP JAVA Netweaver allowing them to execute commands in the underlying operating system. Affected Components Description SAP NetWeaver JAVA is a foundational layer which is used by several SAP products, such as: SAP Enterprise portal SAP Solution Manager SAP PI/PO…

Read More
Oracle E-Business Suite
Critical

06/14/2018

Oracle E-Business Suite SQL Injection in GanttDataServer

By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements. Please fill out the form to download the security advisory.

Read More
Oracle E-Business Suite
Critical

06/14/2018

Oracle E-Business Suite SQL Injection in ieurequesthandler

By exploiting this vulnerability, unauthenticated attacker could execute arbitrary SQL statements. Please fill out the form to download the security advisory.

Read More
Oracle E-Business Suite
Critical

06/14/2018

Oracle E-Business Suite SQL Injection in Shopfloor Server

By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements. Please fill out the form to download the security advisory.

Read More
Oracle E-Business Suite
Critical

06/14/2018

Oracle OpenJDK Denial Of Service

By exploiting this vulnerability, an unauthenticated attacker could render the platform in-operative.

Read More
Oracle E-Business Suite
Critical

06/13/2018

Oracle E-Business Suite SQL Injection in DataManagerServer

By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements. Please fill out the form to download the security advisory.

Read More
Oracle E-Business Suite
Critical

02/09/2018

Oracle E-Business Suite SQL Injections

By exploiting this vulnerability, unauthenticated attacker could execute arbitrary SQL statements. Please fill out the form to download the security advisory.

Read More
SAP Netweaver
Critical

09/21/2016

SAP OS Command Injection in SCTC_REORG_SPOOL

By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
12345

Page 3 of 5