SAP® and Oracle® Security Advisories
Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.
09/21/2016
Oracle E-Business Suite Cross Site Scripting (XSS) II
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…
09/21/2016
SAP UCON Security Protection Bypass
By exploiting this SAP Netweaver vulnerability, an attacker could bypass protections implemented in the SAP systems, potentially executing arbitrary business processes. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/21/2016
Oracle E-Business Suite Cross Site Scripting (XSS) IV
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…
09/20/2016
SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
07/28/2016
JD Edwards JDENET End of File DoS
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
07/28/2016
JD Edwards JDENET Password Disclosure
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could achieve administrative rights and would be able to potentially compromise all information stored and processed on the JDE System. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email….
07/28/2016
JD Edwards JDENET Type 8 DoS
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could remotely shutdown the entire JD Edwards infrastructure. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
07/28/2016
JD Edwards Server Manager Create User
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could create users in the Server Manager, ultimately compromising the entire JDE landscape and all of its information and processes. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email….
07/28/2016
JD Edwards Server Manager Password Disclosure
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could retrieve the administration user and passwords from the Server Manager. This could lead to a potential compromise of the entire JDE landscape hence all of its information and processes. Please fill in the following form in order to download the selected Onapsis’ resource. The…