SAP® and Oracle® Security Advisories
Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.
09/21/2016
SAP OS Command Injection in PREPARE_CHECK_CAPACITY
By exploiting this SAP Netweaver vulnerability, an attacker could tamper the audit logs, hiding his trails after an attack to a SAP system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…
09/21/2016
SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/21/2016
SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/21/2016
SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/21/2016
SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/20/2016
SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
07/28/2016
JD Edwards JDENET Password Disclosure
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could achieve administrative rights and would be able to potentially compromise all information stored and processed on the JDE System. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email….
07/28/2016
JD Edwards Server Manager Create User
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could create users in the Server Manager, ultimately compromising the entire JDE landscape and all of its information and processes. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email….
07/28/2016
JD Edwards Server Manager Password Disclosure
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could retrieve the administration user and passwords from the Server Manager. This could lead to a potential compromise of the entire JDE landscape hence all of its information and processes. Please fill in the following form in order to download the selected Onapsis’ resource. The…