SAP^® and Oracle^® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

SAP Netweaver

Medium

06/14/2018

SAP SCI Information Disclosure HTTP

By exploiting this vulnerability, a remote unauthenticated attacker may discover security vulnerabilities affecting the system, potentially being able to leverage them in a second step. Please fill out the form to download the security advisory.

SAP Netweaver

Medium

06/14/2018

SAP SCI Missing Authorization Check

SAP KERNEL

Medium

06/14/2018

SAP SDLREG Fixed Key for Encryption

By exploiting this vulnerability an unauthenticated attacker could access and modify any information indexed by the SAP system. Please fill out the form to download the security advisory.

SAP ERP

Medium

06/14/2018

SAP Two-Factor Authentication Soft-Token Cloning

By exploiting this vulnerability, an attacker who previously accessed a mobile phone connected to an SAP system could potentially access all the business information stored and processed in the SAP system. Please fill out the form to download the security advisory.

SAP BusinessObjects

Medium

06/14/2018

SAP BusinessObjects Information Disclosure via CORBA

By exploiting this vulnerability an attacker could discover information relating to servers. This information could be used to allow the attacker to specialize their attacks. Please fill out the form to download the security advisory.

SAP ERP

Medium

06/14/2018

SAP Header Injection

By exploiting this vulnerability, a remote unauthenticated attacker could get business information. Please fill out the form to download the security advisory.

SAP BusinessObjects

Medium

06/14/2018

SAP BusinessObjects Remote Denial of Service via CORBA

By exploiting this vulnerability an attacker could shut down all SAP systems. Please fill out the form to download the security advisory.

SAP HANA

Medium

06/14/2018

SAP Information Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker could get information about the system architecture. Please fill out the form to download the security advisory.

SAP Mobile

Medium

02/09/2018

SAP Mobile Defense and Security Weak Encryption

By exploiting this vulnerability, a remote attacker may obtain clear-text passwords of SAP Mobile Defense and Security users and get critical information. Please fill out the form to download the security advisory.

«‹…3 456 7…›»

Page 5 of 9

Safeguarding Tomorrow: Empowering SAP Customers with Advanced Cyber Risk Management

Securing Your Future: Preparing for a Successful SAP RISE Transformation

Executive Threat Overview: Reported SAP Cyber Attack Severely Impacts Business Operations, Compromises Data at Global Manufacturer

Critical SAP Zero-Day Vulnerability Under Active Exploitation (CVE-2025-31324)

Your S/4HANA Cloud Journey

SAP^® and Oracle^® Security Advisories

SAP SCI Information Disclosure HTTP

SAP SCI Missing Authorization Check

SAP SDLREG Fixed Key for Encryption

SAP Two-Factor Authentication Soft-Token Cloning

SAP BusinessObjects Information Disclosure via CORBA

SAP Header Injection

SAP BusinessObjects Remote Denial of Service via CORBA

SAP Information Disclosure

SAP Mobile Defense and Security Weak Encryption

SAP® and Oracle® Security Advisories

SAP^® and Oracle^® Security Advisories