Security Advisories

The Onapsis Research Labs delivers regular SAP® and Oracle® vulnerability research to our ecosystem of customers, partners and the information security industry.

Onapsis security advisories enable customers to better understand the security and business implications of discovered SAP and Oracle security issues. This enables organizations to prioritize patches, updates and their remediation strategies to ensure continuity of the business. Onapsis security advisories, together with vendor patches and security notes, are available for download to provide vendors and end-users with the necessary information to mitigate advanced threats to mission-critical applications running on SAP and Oracle.

Critical
SAP
09/21/2016
SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT
By exploiting this vulnerability, an authenticated user will be able to take full control of the system.
Critical
SAP
09/21/2016
SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP
By exploiting this vulnerability, an authenticated user will be able to take full control of the system.
Critical
SAP
09/21/2016
SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC
By exploiting this vulnerability, an authenticated user will be able to take full control of the system.
Critical
SAP
09/21/2016
SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV
By exploiting this vulnerability, an authenticated user will be able to take full control of the system.
Critical
SAP
09/21/2016
SAP OS Command Injection in PREPARE_CHECK_CAPACITY
By exploiting this vulnerability, an authenticated user will be able to take full control of the system.
Medium
SAP
09/21/2016
SAP Missing Signature Check in DSA Algorithm
By exploiting this vulnerability, an attacker could impersonate another person.
Critical
SAP
09/20/2016
SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG
By exploiting this vulnerability, an authenticated user will be able to take full control of the system.
Medium
Oracle
07/28/2016
Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3439
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system.
Medium
Oracle
07/28/2016
Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3438
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system.
Medium
Oracle
07/28/2016
Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3437
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system.
Medium
Oracle
07/28/2016
Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3436
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system.
Oracle
07/28/2016
JD Edwards JDENET End of File DoS
By exploiting this vulnerability, an unauthenticated attacker could remotely shutdown the entire JD Edwards infrastructure.