SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

Oracle E-Business Suite
Medium

09/21/2016

Oracle E-Business Suite Cross Site Scripting (XSS) VIII

By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…

Read More
SAP Netweaver
Medium

09/21/2016

SAP UCON Security Protection Bypass

By exploiting this SAP Netweaver vulnerability, an attacker could bypass protections implemented in the SAP systems, potentially executing arbitrary business processes. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
SAP Netweaver
Medium

09/21/2016

SAP Console Insecure Password Storage

By exploiting this SAP Netweaver vulnerability, an attacker could obtain access to additional SAP systems, therefore potentially compromising these systems, as well as the information stored and processed by them. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email….

Read More
SAP Netweaver
Medium

09/21/2016

SAP Missing Signature Check in DSA Algorithm

By exploiting this SAP Netweaver vulnerability, an attacker could impersonate another person. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
SAP Netweaver
Medium

09/21/2016

SAP Gateway Arbitrary Log Injection

By exploiting this SAP Netweaver vulnerability, an attacker could tamper the audit logs, hiding the evidence after an attack to a SAP system Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…

Read More
Oracle E-Business Suite
Medium

09/21/2016

Oracle E-Business Suite Cross Site Scripting (XSS) II

By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…

Read More
Oracle E-Business Suite
Medium

09/21/2016

Oracle E-Business Suite Cross Site Scripting (XSS) IV

By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…

Read More
Oracle E-Business Suite
Medium

09/21/2016

Oracle E-Business Suite Cross Site Scripting (XSS) V

By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…

Read More
JD Edwards
Medium

07/28/2016

JD Edwards Server Manager Shutdown

By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could shut down the Server Manager. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
56789

Page 7 of 9