SAP® and Oracle® Security Advisories
Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.
11/09/2015
SAP HANA TrexNet Remote Environment Disclosure
By exploiting this vulnerability, an unauthenticated attacker could obtain technical information that could be used by an attacker to facilitate a targeted attack. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…
11/09/2015
SAP HANA TrexNet Remote File Copy
By exploiting this vulnerability, an unauthenticated attacker could copy business-relevant information from the SAP HANA System, allowing it to be easily accessed and render the system unavailable. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you…
11/08/2015
SAP HANA Remote Trace Disclosure
By exploiting this vulnerability, a remote unauthenticated attacker could remotely read technical information that could potentially grant him access to the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/29/2015
SAP HANA SQL injection in setTraceLevelsForXsApps function
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/29/2015
SAP HANA Trace configuration SQL injection
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/29/2015
SAP HANA XSJS Code Injection test-net
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/29/2015
SAP HANA XSS in role deletion through Web-based Workbench
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/29/2015
SAP HANA XSS in user creation through Web-based development
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/29/2015
SAP HANA Drop Credentials SQL injection
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits: