SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

06/14/2021

SAP Hybris eCommerce Exposure of Sensitive Information

Impact On Business: An attacker can generate download links sequentially, targeting files in the “impex” directory. As a consequence, they will be able to download most of these files, potentially disclosing critical Hybris information such as credentials.
Affected Components / Description: SAP Hybris is an ecommerce platform that is used to address a family of products involving Customer Experience and…

03/19/2021

SAP Multiple root LPE through SAP Host Control

Impact On Business: A malicious authenticated attacker, with the privileges of the SAP SMD Agent, could abuse the lack of input sanitization in some SAP Host Control functions in order to escalate their privileges and execute commands as the root/system user.
Affected Components / Description: The SAP Host Agent is an agent which allows controlling and monitoring SAP and non-SAP instances…

03/19/2021

[SAP RECON] SAP JAVA: Unauthenticated execution of configuration tasks

Impact On Business: A malicious unauthenticated user could abuse the missing authentication check on a particular web service exposed by default in the SAP NetWeaver JAVA stack, allowing them to fully compromise the targeted system.
Affected Components / Description: LM CONFIGURATION WIZARD is a part of SAP NetWeaver JAVA, which is a foundational layer used by…

07/18/2018

Multiple Oracle E-Business Suite Cross-Site Scripting (XSS)


07/18/2018

Multiple Oracle E-Business Suite Open Redirection


06/14/2018

Oracle E-Business Suite Information Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker could get sensitive information.

06/14/2018

Oracle E-Business Suite Incorrect Log Handling

By exploiting this vulnerability, a remote unauthenticated attacker could modify business information.

06/14/2018

Oracle E-Business Suite Information Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker could get sensitive information.

06/14/2018

Oracle E-Business Suite Stored Cross-Site Scripting

By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system.
