SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

SAP Netweaver
High

06/14/2018

SAP Code Injection

By exploiting this vulnerability, a remote attacker could access and modify any business information. Please fill out the form to download the security advisory.

Read More
Oracle E-Business Suite
High

02/09/2018

Oracle E-Business Suite Multiple XSS

By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system. Please fill out the form to download the security advisory.

Read More
SAP J2EE
High

06/13/2017

SAP SLD Authentication Information Disclosure

Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
SAP Netweaver
High

09/21/2016

SAP Security Audit Log Invalid Address Logging

By exploiting this SAP Netweaver vulnerability, an attacker could tamper the audit logs, hiding his trails after an attack to a SAP system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…

Read More
JD Edwards
High

07/28/2016

JD Edwards JDENET Type 8 DoS

By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could remotely shutdown the entire JD Edwards infrastructure. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
SAP TREX
High

07/20/2016

SAP TREX Arbitrary File Write

By exploiting this SAP TREX vulnerability an unauthenticated attacker could modify any information indexed by the SAP system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
SAP TREX
High

07/20/2016

SAP TREX Remote Directory Traversal

By exploiting this SAP TREX vulnerability, a remote unauthenticated attacker could access arbitrary business information from the SAP system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
SAP HANA
High

07/20/2016

SAP HANA Arbitrary Audit Injection via HTTP Requests

By exploiting this SAP HANA vulnerability, an attacker could tamper the audit logs, hiding evidence of an attack to a HANA system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
SAP HANA
High

11/09/2015

SAP HANA EXECUTE_SEARCH_RULE_SET Stored Procedure Memory corruption

By exploiting this vulnerability, a remote authenticated attacker could render the SAP HANA Platform unavailable to other users until the next process restart. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…

Read More
3456

Page 5 of 6