Security Advisories

The Onapsis Research Labs delivers regular SAP® and Oracle® vulnerability research to our ecosystem of customers, partners and the information security industry.

Onapsis security advisories enable customers to better understand the security and business implications of discovered SAP and Oracle security issues. This enables organizations to prioritize patches, updates and their remediation strategies to ensure continuity of the business. Onapsis security advisories, together with vendor patches and security notes, are available for download to provide vendors and end-users with the necessary information to mitigate advanced threats to mission-critical applications running on SAP and Oracle.

Medium
Oracle
07/28/2016
Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3438
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system.
Medium
Oracle
07/28/2016
Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3437
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system.
Medium
Oracle
07/28/2016
Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3436
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system.
Oracle
07/28/2016
JD Edwards JDENET End of File DoS
By exploiting this vulnerability, an unauthenticated attacker could remotely shutdown the entire JD Edwards infrastructure.
Critical
Oracle
07/28/2016
JD Edwards JDENET Password Disclosure
By exploiting this vulnerability, an unauthenticated attacker could achieve administrative rights and would be able to potentially compromise all information stored and processed on the JDE System.
Medium
Oracle
07/28/2016
JD Edwards Server Manager Shutdown
By exploiting this vulnerability, an unauthenticated attacker could shut down the Server Manager.
Critical
Oracle
07/28/2016
JD Edwards Server Manager Password Disclosure
By exploiting this vulnerability, an unauthenticated attacker could retrieve the administration user and passwords from the Server Manager. This could lead to a potential compromise of the entire JDE…
Critical
Oracle
07/28/2016
JD Edwards Server Manager Create User
By exploiting this vulnerability, an unauthenticated attacker could create users in the Server Manager, ultimately compromising the entire JDE landscape and all of its information and processes.
High
Oracle
07/28/2016
JD Edwards JDENET Type 8 DoS
By exploiting this vulnerability, an unauthenticated attacker could remotely shutdown the entire JD Edwards infrastructure.
07/20/2016
SAP HANA Potential Wrong Encryption
By exploiting this vulnerability, a remote unauthenticated attacker could access arbitrary business information from the SAP system.
07/20/2016
SAP HANA Potential Remote Code Execution
By exploiting this vulnerability, an unauthenticated attacker could access and modify any information indexed by the SAP system.
07/20/2016
SAP HANA Password Disclosure
By exploiting this vulnerability, a remote attacker may obtain clear-text passwords of SAP HANA users and get critical information.