SAP® and Oracle® Security Advisories
Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.
07/28/2016
JD Edwards Server Manager Shutdown
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could shut down the Server Manager. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
07/28/2016
Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3436
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email.By registering, you will obtain the following benefits:
07/28/2016
Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3437
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…
07/28/2016
Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3438
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…
07/28/2016
Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3439
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…
07/20/2016
SAP TREX Remote Directory Traversal
By exploiting this SAP TREX vulnerability, a remote unauthenticated attacker could access arbitrary business information from the SAP system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
07/20/2016
SAP TREX Remote File Read
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
07/20/2016
SAP TREX TNS Information Disclosure in NameServer
By exploiting this SAP TREX vulnerability, an attacker could discover information relating to servers. This information could be used to allow the attacker to specialize their attacks. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you…
07/20/2016
SAP HANA Arbitrary Audit Injection via HTTP Requests
By exploiting this SAP HANA vulnerability, an attacker could tamper the audit logs, hiding evidence of an attack to a HANA system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits: