SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

SAP KERNEL
Low

07/29/2019

SAP SDLREG Fixed Key for Encryption

Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
Oracle E-Business Suite
High

07/18/2018

Multiple Oracle E-Business Suite Open Redirection

Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
Oracle E-Business Suite
High

07/18/2018

Multiple Oracle E-Business Suite Cross-Site Scripting (XSS)

Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
SAP KERNEL
Medium

06/14/2018

SAP SDLREG Fixed Key for Encryption

By exploiting this vulnerability an unauthenticated attacker could access and modify any information indexed by the SAP system. Please fill out the form to download the security advisory.

Read More
SAP Netweaver
Medium

06/14/2018

SAP SCI Missing Authorization Check

By exploiting this vulnerability, a remote unauthenticated attacker may discover security vulnerabilities affecting the system, potentially being able to leverage them in a second step. Please fill out the form to download the security advisory.

Read More
SAP Netweaver
Medium

06/14/2018

SAP SCI Information Disclosure HTTP

By exploiting this vulnerability, a remote unauthenticated attacker may discover security vulnerabilities affecting the system, potentially being able to leverage them in a second step. Please fill out the form to download the security advisory.

Read More
SAP HANA
Medium

06/14/2018

SAP Information Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker could get information about the system architecture. Please fill out the form to download the security advisory.

Read More
SAP ERP
Medium

06/14/2018

SAP Header Injection

By exploiting this vulnerability, a remote unauthenticated attacker could get business information. Please fill out the form to download the security advisory.

Read More
SAP Netweaver
High

06/14/2018

SAP Code Injection

SAP Code Injection Impact on Business An authenticated attacker can cause a denial-of-service condition for other users, preventing them from accessing the system via the SAP GUI. Additionally, the attacker can modify or delete user-specific favorite nodes, leading to operational disruption and loss of convenience features for the affected business users. Vulnerability Details A specific…

Read More
910111213

Page 11 of 30