Security Advisories

The Onapsis Research Labs delivers regular SAP® and Oracle® vulnerability research to our ecosystem of customers, partners and the information security industry.

Onapsis security advisories enable customers to better understand the security and business implications of discovered SAP and Oracle security issues. This enables organizations to prioritize patches, updates and their remediation strategies to ensure continuity of the business. Onapsis security advisories, together with vendor patches and security notes, are available for download to provide vendors and end-users with the necessary information to mitigate advanced threats to mission-critical applications running on SAP and Oracle.

Critical
Oracle
06/13/2018
Oracle E-Business Suite SQL Injection in DataManagerServer
By exploiting this vulnerability, an unauthenticated attacker could execute arbitrary SQL statements.
Critical
Oracle
02/09/2018
Oracle E-Business Suite SQL Injections
By exploiting this vulnerability, unauthenticated attacker could execute arbitrary SQL statements.
High
Oracle
02/09/2018
Oracle E-Business Suite Multiple XSS
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system.
Medium
Oracle
02/09/2018
Oracle E-Business Suite Missing Authorization
By exploiting this vulnerability, a remote authenticated attacker could modify calendar events.
Medium
Oracle
02/09/2018
Oracle E-Business Suite Information Disclosure
By exploiting this vulnerability, a remote unauthenticated attacker could get access to sensitive information.
Medium
SAP
02/09/2018
SAP Mobile Defense and Security Weak Encryption
By exploiting this vulnerability, a remote attacker may obtain clear-text passwords of SAP Mobile Defense and Security users and get critical information.
Medium
SAP
02/09/2018
SAP Mobile Defense and Security Hardcoded Key
By exploiting this vulnerability, a remote attacker may obtain clear-text passwords of SAP Mobile Defense and Security users and get critical information.
Medium
SAP
02/09/2018
SAP Mobile Client Database Credentials Stored in Plain Text
By exploiting this vulnerability, an unauthenticated attacker may obtain clear-text passwords of SAP Mobile users and get critical information.
Medium
SAP
02/09/2018
SAP Java CSV Injection
By exploiting this vulnerability, an unauthenticated attacker could inject malicious code in the back-office application to get or modify information systems.
Medium
SAP
02/09/2018
SAP Information Disclosure
By exploiting this vulnerability, a remote unauthenticated attacker could get information about the system architecture.
Medium
SAP
07/18/2017
SAP BusinessObjects Patch Level Detection via CORBA
By exploiting this vulnerability an attacker could learn the SAP version and then understand which vulnerabilities could exploit.
Medium
SAP
06/13/2017
SAP Download Manager Weak Cryptography
By exploiting this SAP Vulnerability an attacker that has previously compromised a workstation could access additional information from the SAP applications