SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

SAP Netweaver
Medium

02/09/2018

SAP Java CSV Injection

By exploiting this vulnerability, an unauthenticated attacker could inject malicious code in the back-office application to get or modify information systems. Please fill out the form to download the security advisory.

Read More
SAP BusinessObjects
Medium

07/18/2017

SAP BusinessObjects Patch Level Detection via CORBA

Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
SAP Netweaver
Medium

06/13/2017

SAP Download Manager Weak Cryptography

Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
SAP J2EE
High

06/13/2017

SAP SLD Authentication Information Disclosure

Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
SAP Netweaver
Critical

09/21/2016

SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC

By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
SAP Netweaver
Critical

09/21/2016

SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP

By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
SAP Netweaver
Critical

09/21/2016

SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT

By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
SAP Netweaver
Critical

09/21/2016

SAP OS Command Injection in SCTC_REORG_SPOOL

By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Read More
SAP Netweaver
High

09/21/2016

SAP Security Audit Log Invalid Address Logging

By exploiting this SAP Netweaver vulnerability, an attacker could tamper the audit logs, hiding his trails after an attack to a SAP system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…

Read More
1213141516

Page 14 of 30