SAP® and Oracle® Security Advisories
Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.
06/14/2021
Hard-coded Credentials in CA Introscope Enterprise Manager
Impact On Business Unauthenticated attackers can bypass the authentication if the default passwords for Admin and Guest users have not been changed by the administrator. This may impact the confidentiality of the service. Affected Components Description CA Introscope Enterprise Manager is part of CA APM Introscope(R), an application performance management solution to manage Java Application…
03/19/2021
SAP Multiple root LPE through SAP Host Control
Impact On Business A malicious authenticated attacker, with privileges of SAP SMD Agent access, could abuse some SAP Host Control functions’ lack of sanitization, in order to escalate its privileges and execute commands as root/system user. Affected Components Description The SAP Host Agent is an agent which allows controlling and monitoring SAP and non-SAP instances….
03/19/2021
[SAP RECON] SAP JAVA: Unauthenticated execution of configuration tasks
Impact On Business A malicious unauthenticated user could abuse the lack of authentication check on a particular web service exposed by default in SAP Netweaver JAVA stack, allowing them to fully compromise the targeted system. Affected Components Description LM CONFIGURATION WIZARD is a part of SAP NetWeaver JAVA which is a foundational layer used by…
07/18/2018
Multiple Oracle E-Business Suite Cross-Site Scripting (XSS)
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
07/18/2018
Multiple Oracle E-Business Suite Open Redirection
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
06/14/2018
Oracle E-Business Suite Information Disclosure
By exploiting this vulnerability, a remote unauthenticated attacker could get sensitive information. Please fill out the form to download the security advisory.
06/14/2018
Oracle E-Business Suite Incorrect Log Handling
By exploiting this vulnerability, a remote unauthenticated attacker could modify business information. Please fill out the form to download the security advisory.
06/14/2018
Oracle E-Business Suite Information Disclosure
By exploiting this vulnerability, a remote unauthenticated attacker could get sensitive information. Please fill out the form to download the security advisory.
06/14/2018
Oracle E-Business Suite Stored Cross-Site Scripting
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system. Please fill out the form to download the security advisory.