Security Advisories

The Onapsis Research Labs delivers regular SAP® and Oracle® vulnerability research to our ecosystem of customers, partners and the information security industry.

Onapsis security advisories enable customers to better understand the security and business implications of discovered SAP and Oracle security issues. This enables organizations to prioritize patches, updates and their remediation strategies to ensure continuity of the business. Onapsis security advisories, together with vendor patches and security notes, are available for download to provide vendors and end-users with the necessary information to mitigate advanced threats to mission-critical applications running on SAP and Oracle.

Critical
Oracle
06/14/2018
Oracle E-Business Suite SQL Injection in ieurequesthandler
By exploiting this vulnerability, unauthenticated attacker could execute arbitrary SQL statements.
Critical
Oracle
06/14/2018
Oracle E-Business Suite SQL Injection in GanttDataServer
By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements.
High
Oracle
06/14/2018
Oracle E-Business Suite Information Disclosure
By exploiting this vulnerability, a remote unauthenticated attacker could get sensitive information.
High
Oracle
06/14/2018
Oracle E-Business Suite Incorrect Log Handling
By exploiting this vulnerability, a remote unauthenticated attacker could modify business information.
Critical
Oracle
06/14/2018
Oracle OpenJDK Denial Of Service
By exploiting this vulnerability, an unauthenticated attacker could render the platform in-operative.
Medium
SAP
06/14/2018
SAP Two-Factor Authentication Soft-Token Cloning
By exploiting this vulnerability, an attacker who previously accessed a mobile phone connected to an SAP system could potentially access all the business information stored and processed in the SAP…
High
Oracle
06/14/2018
Oracle E-Business Suite Information Disclosure
By exploiting this vulnerability, a remote unauthenticated attacker could get sensitive information.
Medium
SAP
06/14/2018
SAP SDLREG Fixed Key for Encryption
By exploiting this vulnerability an unauthenticated attacker could access and modify any information indexed by the SAP system.
Medium
SAP
06/14/2018
SAP SCI Missing Authorization Check
By exploiting this vulnerability, a remote unauthenticated attacker may discover security vulnerabilities affecting the system, potentially being able to leverage them in a second step.
Medium
SAP
06/14/2018
SAP SCI Information Disclosure HTTP
By exploiting this vulnerability, a remote unauthenticated attacker may discover security vulnerabilities affecting the system, potentially being able to leverage them in a second step.
Medium
SAP
06/14/2018
SAP Information Disclosure
By exploiting this vulnerability, a remote unauthenticated attacker could get information about the system architecture.
Medium
SAP
06/14/2018
SAP Header Injection
By exploiting this vulnerability, a remote unauthenticated attacker could get business information.