CONTACT US
Search
CONTACT US

SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

SAP Solution ManagerHigh
09/27/2024

Arbitrary execution of RFC functions through CCM_AGS_CC_SIM_API_START

Read More
SAP Solution ManagerMedium
09/27/2024

Reflected Cross Site Scripting in CRM_BSP_FRAME class

Read More
SAP Solution ManagerMedium
09/20/2024

Reflected Cross Site Scripting in CL_HTTP_EXT_SERVICE_POST_DEMO class

Read More
SAP Solution ManagerMedium
09/20/2024

Reflected Cross Site Scripting in PING_PONG demo app

Read More
SAP Solution ManagerMedium
09/19/2024

Reflected Cross Site Scripting in COVER_BY_BSP app

Read More
SAP Solution ManagerMedium
09/18/2024

Reflected Cross Site Scripting in SESSION_HTML app

Read More
SAP NetweaverCritical
09/18/2024

Directory Traversal in SAP NetWeaver Application Server (AS) for ABAP and ABAP Platform

Read More
SAP NetweaverHigh
09/18/2024

Directory Traversal vulnerability in SAP NetWeaver (BI_CONT Add-On)

Read More
SAP NetweaverMedium
09/18/2024

Multiple Reflected Cross Site Scripting vulnerabilities in SBSPEXT_PHTMLB package

Read More
SAP NetweaverHigh
09/18/2024

Directory Traversal in SAP NetWeaver Application Server (AS) for ABAP and ABAP Platform

Read More
SAP Solution ManagerMedium
09/18/2024

Reflected Cross Site Scripting in WBA_SESS_REPORT app

Read More
SAP JAVACritical
09/18/2024

SAP MII Remote Code Execution Due to Unrestricted File Upload

Read More
SAP Biller DirectMedium
09/18/2024

Arbitrary Redirect in Biller Direct 7.50

Read More
SAP KERNELHigh
08/16/2024

MS_ACL_INFO bypass under special conditions

Read More
SAP Netweaver JAVACritical
08/16/2024

Unauthenticated potential RCE in FM_GPCR_OS_COMMAND P4 service

Read More
SAP Netweaver JAVAHigh
08/16/2024

Unauthenticated blind SSRF in SmdSapHostAgentBridge

Read More
SAP Netweaver JAVAHigh
08/13/2024

Unauthenticated blind SSRF in SAPGrmgClassicCollector

Read More
SAP Netweaver JAVAHigh
08/13/2024

Unauthenticated blind SSRF in SAPPingHTTPCollector

Read More
SAP Netweaver JAVACritical
08/13/2024

Unauthenticated RCE in EventLogServiceCollector

Read More
SAP Netweaver JAVAHigh
04/15/2024

Unauthenticated JNDI Injection in RemoteObjectFactory P4 service

Read More
SAP Netweaver JAVAMedium
03/07/2024

Unauthenticated Information Disclosure in ObjectAnalyzer P4 service

Read More
SAP Netweaver JAVAMedium
02/01/2024

Unauthenticated Information Disclosure in CacheRegionAnalyzer P4 service

Read More
SAP Netweaver JAVAMedium
02/01/2024

Unauthenticated Information Disclosure in deploy P4 service

Read More
SAP Netweaver JAVAMedium
01/29/2024

Unauthenticated Information Disclosure in classload P4 service

Read More
SAP Netweaver JAVACritical
01/10/2024

Unauthenticated JNDI Injection in SAP Enterprise Portal

Read More
SAP Netweaver JAVACritical
11/03/2023

Unauthenticated read of OS files and DoS in locking P4 service

Read More
SAP Netweaver JAVACritical
11/01/2023

Unauthenticated RFC execution and plain password leak in rfcengine P4 service

Read More
SAP Netweaver JAVACritical
10/30/2023

Unauthenticated SQL Injection and DoS in SeachFacade P4 service

Read More
SAP Netweaver JAVACritical
10/26/2023

Unauthenticated SQL Injection and DoS in JobBean P4 service

Read More
SAP Netweaver JAVAHigh
04/05/2022

Denial of Service in SAP NetWeaver JAVA

Impact On Business This vulnerability can be used by an attacker to make a Denial of Service to SAP Netweaver Java, making...
Read More
SAP Web DispatcherHigh
04/05/2022

HTTP Request Smuggling in SAP Web Dispatcher

Read More
SAP Enterprise PortalMedium
01/26/2022

SAP Enterprise Portal - Anonymous Stored Open Redirect

Read More
SAP KERNELHigh
01/26/2022

Null Pointer Dereference vulnerability in SAP CommonCryptoLib

Read More
SAP Enterprise PortalHigh
01/26/2022

SAP Enterprise Portal - SSRF iviewCatcherEditor

Read More
SAP Enterprise PortalHigh
01/26/2022

SAP Enterprise Portal - XSS NavigationReporter

Read More
SAP Enterprise PortalHigh
01/26/2022

SAP Enterprise Portal - XSS RunContentCreation

Read More
SAP Enterprise PortalCritical
01/26/2022

SAP Enterprise Portal - XSLT injection

Read More
SAPCritical
12/15/2021

Guidance for CVE-2021-44228 (Log4Shell) and SAP Applications

Note: Please bear in mind that all the information provided here is subject to change due to how quickly new attacks and...
Read More
SAP Enterprise PortalMedium
11/21/2021

Exposed Sensitive Information within SAP Enterprise Portal

Read More
SAP KERNELMedium
11/21/2021

Memory Corruption Vulnerability in SAP NetWeaver ABAP IGS Service

Read More
SAP KERNELHigh
11/21/2021

Memory Corruption Vulnerability in SAP NetWeaver

Read More
SAP KERNELHigh
11/21/2021

Memory Corruption Vulnerability in SAP NetWeaver Gateway Service

Read More
SAP Netweaver JAVAHigh
11/21/2021

XXE Vulnerability in SAP JAVA NetWeaver System Connections

Read More
SAP Solution ManagerHigh
06/14/2021

Denial of Service Vulnerability in SAP SolMan

Read More
Wily Introscope EnterpriseHigh
06/14/2021

Hard-coded Credentials in CA Introscope Enterprise Manager

Read More
SAP Hybris eCommerceHigh
06/14/2021

SAP Hybris eCommerce SSRF in Acceleratorservices Module

Read More
SAP Hybris eCommerceHigh
06/14/2021

SAP Hybris eCommerce Exposure of Sensitive Information

Read More
Solution ManagerHigh
06/14/2021

Missing Authorization Check in SAP SolMan Experience Monitoring

Read More
SAP Netweaver JAVACritical
06/14/2021

Missing Authentication Check In SAP NetWeaver

Read More
SAP Solution ManagerCritical
06/14/2021

Missing authorization check in SAP Solution Manager

Read More
Wily Introscope EnterpriseCritical
06/14/2021

OS Command Injection Vulnerability in SAP Wily Introscope Enterprise

Read More
SAP MIICritical
06/14/2021

SAP Manufacturing Integration & Intelligence Lack of Server Side Validations

Read More
SAP Solution ManagerLow
06/14/2021

SAP Solution Manager Open Redirect from Trace Analysis

Read More
SAPHigh
03/19/2021

SAP Multiple root LPE through SAP Host Control

Read More
SAP NetweaverHigh
03/19/2021

[SAP RECON] SAP JAVA: Unauthenticated execution of configuration tasks

Read More
SAP JAVACritical
03/19/2021

SAP Java OS Remote Code Execution

Read More
Solution ManagerCritical
03/19/2021

Unauthenticated RCE in SAP SMD Agents through SAP SolMan

Read More
SAP KERNELLow
07/29/2019

SAP SDLREG Fixed Key for Encryption

Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
Read More
Oracle E-Business SuiteHigh
07/18/2018

Multiple Oracle E-Business Suite Cross-Site Scripting (XSS)

Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
Read More
Oracle E-Business SuiteHigh
07/18/2018

Multiple Oracle E-Business Suite Open Redirection

Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
Read More
SAP ERPMedium
06/14/2018

SAP Two-Factor Authentication Soft-Token Cloning

By exploiting this vulnerability, an attacker who previously accessed a mobile phone connected to an SAP system could potentially...
Read More
SAP BusinessObjectsMedium
06/14/2018

SAP BusinessObjects Information Disclosure via CORBA

By exploiting this vulnerability an attacker could discover information relating to servers. This information could be used...
Read More
SAP BusinessObjectsMedium
06/14/2018

SAP BusinessObjects Remote Denial of Service via CORBA

By exploiting this vulnerability an attacker could shut down all SAP systems. Please fill out the form to download the security...
Read More
SAP ERPMedium
06/14/2018

SAP Header Injection

By exploiting this vulnerability, a remote unauthenticated attacker could get business information. Please fill out the form...
Read More
SAP HANAMedium
06/14/2018

SAP Information Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker could get information about the system architecture....
Read More
SAP NetweaverMedium
06/14/2018

SAP SCI Information Disclosure HTTP

By exploiting this vulnerability, a remote unauthenticated attacker may discover security vulnerabilities affecting the system,...
Read More
SAP NetweaverMedium
06/14/2018

SAP SCI Missing Authorization Check

By exploiting this vulnerability, a remote unauthenticated attacker may discover security vulnerabilities affecting the system,...
Read More
SAP KERNELMedium
06/14/2018

SAP SDLREG Fixed Key for Encryption

By exploiting this vulnerability an unauthenticated attacker could access and modify any information indexed by the SAP system....
Read More
Oracle E-Business SuiteHigh
06/14/2018

Oracle E-Business Suite Information Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker could get sensitive information. Please fill out the...
Read More
Oracle E-Business SuiteHigh
06/14/2018

Oracle E-Business Suite Incorrect Log Handling

By exploiting this vulnerability, a remote unauthenticated attacker could modify business information. Please fill out the...
Read More
Oracle E-Business SuiteHigh
06/14/2018

Oracle E-Business Suite Information Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker could get sensitive information. Please fill out the...
Read More
Oracle E-Business SuiteHigh
06/14/2018

Oracle E-Business Suite Stored Cross-Site Scripting

By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected...
Read More
SAP NetweaverHigh
06/14/2018

SAP Code Injection

Read More
Oracle E-Business SuiteCritical
06/14/2018

Oracle E-Business Suite SQL Injection in GanttDataServer

By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements. Please fill out the...
Read More
Oracle E-Business SuiteCritical
06/14/2018

Oracle E-Business Suite SQL Injection in ieurequesthandler

By exploiting this vulnerability, unauthenticated attacker could execute arbitrary SQL statements. Please fill out the form...
Read More
Oracle E-Business SuiteCritical
06/14/2018

Oracle E-Business Suite SQL Injection in Shopfloor Server

By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements. Please fill out the...
Read More
Oracle E-Business SuiteCritical
06/14/2018

Oracle OpenJDK Denial Of Service

By exploiting this vulnerability, an unauthenticated attacker could render the platform in-operative.
Read More
Oracle E-Business SuiteCritical
06/13/2018

Oracle E-Business Suite SQL Injection in DataManagerServer

By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements. Please fill out the...
Read More
Oracle E-Business SuiteMedium
02/09/2018

Oracle E-Business Suite Information Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker could get access to sensitive information. Please fill...
Read More
Oracle E-Business SuiteMedium
02/09/2018

Oracle E-Business Suite Missing Authorization

By exploiting this vulnerability, a remote authenticated attacker could modify calendar events. Please fill out the form...
Read More
SAP NetweaverMedium
02/09/2018

SAP Information Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker could get information about the system architecture....
Read More
SAP NetweaverMedium
02/09/2018

SAP Java CSV Injection

By exploiting this vulnerability, an unauthenticated attacker could inject malicious code in the back-office application...
Read More
SAP MobileMedium
02/09/2018

SAP Mobile Client Database Credentials Stored in Plain Text

By exploiting this vulnerability, an unauthenticated attacker may obtain clear-text passwords of SAP Mobile users and get...
Read More
SAP MobileMedium
02/09/2018

SAP Mobile Defense and Security Hardcoded Key

By exploiting this vulnerability, a remote attacker may obtain clear-text passwords of SAP Mobile Defense and Security users...
Read More
SAP MobileMedium
02/09/2018

SAP Mobile Defense and Security Weak Encryption

By exploiting this vulnerability, a remote attacker may obtain clear-text passwords of SAP Mobile Defense and Security users...
Read More
Oracle E-Business SuiteHigh
02/09/2018

Oracle E-Business Suite Multiple XSS

By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected...
Read More
Oracle E-Business SuiteCritical
02/09/2018

Oracle E-Business Suite SQL Injections

By exploiting this vulnerability, unauthenticated attacker could execute arbitrary SQL statements. Please fill out the form...
Read More
SAP BusinessObjectsMedium
07/18/2017

SAP BusinessObjects Patch Level Detection via CORBA

Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
Read More
SAP NetweaverMedium
06/13/2017

SAP Download Manager Weak Cryptography

Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
Read More
SAP J2EEHigh
06/13/2017

SAP SLD Authentication Information Disclosure

Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
Read More
Oracle E-Business SuiteMedium
09/21/2016

Oracle E-Business Suite Cross Site Scripting (XSS) II

By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Read More
Oracle E-Business SuiteMedium
09/21/2016

Oracle E-Business Suite Cross Site Scripting (XSS) IV

By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Read More
Oracle E-Business SuiteMedium
09/21/2016

Oracle E-Business Suite Cross Site Scripting (XSS) V

By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Read More
Oracle E-Business SuiteMedium
09/21/2016

Oracle E-Business Suite Cross Site Scripting (XSS) VI

By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Read More
Oracle E-Business SuiteMedium
09/21/2016

Oracle E-Business Suite Cross Site Scripting (XSS) VIII

By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Read More
SAP NetweaverMedium
09/21/2016

SAP Console Insecure Password Storage

By exploiting this SAP Netweaver vulnerability, an attacker could obtain access to additional SAP systems, therefore potentially...
Read More
SAP NetweaverMedium
09/21/2016

SAP Gateway Arbitrary Log Injection

By exploiting this SAP Netweaver vulnerability, an attacker could tamper the audit logs, hiding the evidence after an attack...
Read More
SAP NetweaverMedium
09/21/2016

SAP Missing Signature Check in DSA Algorithm

By exploiting this SAP Netweaver vulnerability, an attacker could impersonate another person. Please fill in the following...
Read More
SAP NetweaverMedium
09/21/2016

SAP UCON Security Protection Bypass

By exploiting this SAP Netweaver vulnerability, an attacker could bypass protections implemented in the SAP systems, potentially...
Read More
SAP NetweaverHigh
09/21/2016

SAP Security Audit Log Invalid Address Logging

By exploiting this SAP Netweaver vulnerability, an attacker could tamper the audit logs, hiding his trails after an attack...
Read More
SAP NetweaverCritical
09/21/2016

SAP OS Command Injection in PREPARE_CHECK_CAPACITY

By exploiting this SAP Netweaver vulnerability, an attacker could tamper the audit logs, hiding his trails after an attack...
Read More
SAP NetweaverCritical
09/21/2016

SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV

By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
Read More
SAP NetweaverCritical
09/21/2016

SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC

By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
Read More
SAP NetweaverCritical
09/21/2016

SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP

By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
Read More
SAP NetweaverCritical
09/21/2016

SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT

By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
Read More
SAP NetweaverCritical
09/21/2016

SAP OS Command Injection in SCTC_REORG_SPOOL

By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
Read More
Project SystemLow
09/21/2016

SAP SLDREG Memory Corruption

Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download...
Read More
SAP NetweaverCritical
09/20/2016

SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG

By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please...
Read More
JD EdwardsMedium
07/28/2016

JD Edwards Server Manager Shutdown

By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could shut down the Server Manager. Please...
Read More
Oracle E-Business SuiteMedium
07/28/2016

Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3436

By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Read More
Oracle E-Business SuiteMedium
07/28/2016

Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3437

By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Read More
Oracle E-Business SuiteMedium
07/28/2016

Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3438

By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Read More
Oracle E-Business SuiteMedium
07/28/2016

Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3439

By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by...
Read More
JD EdwardsHigh
07/28/2016

JD Edwards JDENET Type 8 DoS

By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could remotely shutdown the entire JD Edwards...
Read More
JD EdwardsCritical
07/28/2016

JD Edwards JDENET Password Disclosure

By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could achieve administrative rights and would...
Read More
JD EdwardsCritical
07/28/2016

JD Edwards Server Manager Create User

By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could create users in the Server Manager,...
Read More
JD EdwardsCritical
07/28/2016

JD Edwards Server Manager Password Disclosure

By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could retrieve the administration user and...
Read More
SAP HANAMedium
07/20/2016

SAP HANA Get Topology Information Disclosure

By exploiting this SAP HANA vulnerability, a remote unauthenticated attacker could obtain technical information about the...
Read More
SAP HANAMedium
07/20/2016

SAP HANA User Information Disclosure

By exploiting this SAP HANA vulnerability, a remote unauthenticated attacker could obtain valid usernames that could be used...
Read More
SAP TREXMedium
07/20/2016

SAP TREX TNS Information Disclosure in NameServer

By exploiting this SAP TREX vulnerability, an attacker could discover information relating to servers. This information could...
Read More
SAP HANAHigh
07/20/2016

SAP HANA Arbitrary Audit Injection via HTTP Requests

By exploiting this SAP HANA vulnerability, an attacker could tamper the audit logs, hiding evidence of an attack to a HANA...
Read More
SAP TREXHigh
07/20/2016

SAP TREX Arbitrary File Write

By exploiting this SAP TREX vulnerability an unauthenticated attacker could modify any information indexed by the SAP system....
Read More
SAP TREXHigh
07/20/2016

SAP TREX Remote Directory Traversal

By exploiting this SAP TREX vulnerability, a remote unauthenticated attacker could access arbitrary business information...
Read More
SAP TREXCritical
07/20/2016

SAP TREX Remote Command Execution

By exploiting this SAP TREX vulnerability, an unauthenticated attacker could access and modify any information indexed by...
Read More
SAP HANALow
07/20/2016

SAP HANA Information Disclosure in EXPORT

By exploiting this SAP HANA vulnerability, an attacker could access business information indexed by the SAP system. Please...
Read More
SAP HANAMedium
11/09/2015

SAP HANA TrexNet Remote Directory Creation

By exploiting this SAP HANA vulnerability, an unauthenticated attacker could render the system unavailable and potentially...
Read More
SAP HANAMedium
11/09/2015

SAP HANA TrexNet Remote Environment Disclosure

By exploiting this vulnerability, an unauthenticated attacker could obtain technical information that could be used by an...
Read More
SAP HANAMedium
11/09/2015

SAP HANA TrexNet Remote File Creation

By exploiting this vulnerability, an unauthenticated attacker could potentially render the system unavailable. Please fill...
Read More
SAP HANAMedium
11/09/2015

SAP HANA TrexNet Remote Files List

By exploiting this vulnerability, an unauthenticated attacker could obtain technical information of the SAP HANA System which...
Read More
SAP HANAMedium
11/09/2015

SAP HANA TrexNet Remote Traces List

By exploiting this vulnerability, an unauthenticated attacker could obtain technical information of the SAP HANA System which...
Read More
SAP HANAMedium
11/09/2015

SAP HANA TrexNet TNS Information Disclosure

By exploiting this vulnerability, an unauthenticated attacker could obtain technical information of the SAP HANA System which...
Read More
SAP HANAHigh
11/09/2015

SAP HANA EXECUTE_SEARCH_RULE_SET Stored Procedure Memory corruption

By exploiting this vulnerability, a remote authenticated attacker could render the SAP HANA Platform unavailable to other...
Read More
SAP HANAHigh
11/09/2015

SAP HANA TrexNet Remote Denial of Service

By exploiting this vulnerability, an unauthenticated attacker could render the SAP HANA system completely unavailable due...
Read More
SAP HANAHigh
11/09/2015

SAP HANA TrexNet Remote Directory Copy

By exploiting this SAP HANA vulnerability, an unauthenticated attacker could copy business-relevant information from the...
Read More
SAP HANAHigh
11/09/2015

SAP HANA TrexNet Remote File Copy

By exploiting this vulnerability, an unauthenticated attacker could copy business-relevant information from the SAP HANA...
Read More
SAP HANAHigh
11/09/2015

SAP HANA TrexNet Remote File Read

By exploiting this vulnerability, an unauthenticated attacker could read arbitrary business-relevant information from the...
Read More
SAP HANAHigh
11/09/2015

SAP HANA TrexNet Remote Process Kill

By exploiting this vulnerability, an unauthenticated attacker could render the SAP HANA system completely unavailable due...
Read More
SAP HANACritical
11/09/2015

SAP HANA Remote Code Execution (HTTP based)

By exploiting this vulnerability, an unauthenticated attacker could completely compromise the system, and would be able to...
Read More
SAP HANACritical
11/09/2015

SAP HANA Remote Code Execution (SQL based)

By exploiting this vulnerability, a remote unauthenticated attacker could completely compromise the system, and would be...
Read More
SAP HANACritical
11/09/2015

SAP HANA TrexNet Remote Command Execution

By exploiting this vulnerability, an unauthenticated attacker could completely compromise the system and would be able to...
Read More
SAP HANACritical
11/09/2015

SAP HANA TrexNet Remote Directory Deletion

By exploiting this SAP HANA vulnerability, an unauthenticated attacker could delete business-relevant information from the...
Read More
SAP HANACritical
11/09/2015

SAP HANA TrexNet Remote File Move

By exploiting this vulnerability, an unauthenticated attacker could relocate the information stored in the SAP HANA System...
Read More
SAP HANACritical
11/09/2015

SAP HANA TrexNet Remote File Write

By exploiting this SAP HANA vulnerability, an unauthenticated attacker could override business-relevant information in the...
Read More
SAP HANACritical
11/09/2015

SAP HANA TrexNet Remote Python Execution

By exploiting this vulnerability, an unauthenticated attacker could completely compromise the system, and would be able to...
Read More
SAP HANAMedium
11/08/2015

SAP HANA Remote Trace Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker could remotely read technical information that could...
Read More
SAP BusinessObjectsLow
09/21/2015

SAP Business Objects Memory Corruption

By exploiting this vulnerability, an attacker could hide audit information logged by the SAP system. Please fill in the following...
Read More
SAP HANAMedium
03/12/2015

Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Webbased Development Workbench

By exploiting this vulnerability a remote unauthenticated attacker would be able to attack other users of the system. Please...
Read More
SAP KERNELMedium
01/04/2011

SAP Management Console Information Disclosure

By Abusing this SAP KERNEL functionality, a remote and unauthenticated attacker would be able to gain sensitive information...
Read More

    Sitemap  | Terms of Use | Privacy Policy   |  Quality Policy  |  Disclosure PolicySecurity Vulnerability Reporting Guidelines |  ©2025 Onapsis  |  All rights reserved