Security Advisories

The Onapsis Research Labs delivers regular SAP® and Oracle® vulnerability research to our ecosystem of customers, partners and the information security industry.

Onapsis security advisories enable customers to better understand the security and business implications of discovered SAP and Oracle security issues. This enables organizations to prioritize patches, updates and their remediation strategies to ensure continuity of the business. Onapsis security advisories, together with vendor patches and security notes, are available for download to provide vendors and end-users with the necessary information to mitigate advanced threats to mission-critical applications running on SAP and Oracle.

Medium
SAP
07/20/2016
SAP TREX TNS Information Disclosure in NameServer
By exploiting this vulnerability, an attacker could discover information relating to servers. This information could be used to allow the attacker to specialize their attacks.
07/20/2016
SAP TREX Remote File Read
By exploiting this vulnerability, a remote unauthenticated attacker could access arbitrary business information from the SAP system.
High
SAP
07/20/2016
SAP TREX Remote Directory Traversal
By exploiting this vulnerability, a remote unauthenticated attacker could access arbitrary business information from the SAP system.
Critical
SAP
07/20/2016
SAP TREX Remote Command Execution
By exploiting this vulnerability, an unauthenticated attacker could access and modify any information indexed by the SAP system.
High
SAP
07/20/2016
SAP TREX Arbitrary File Write
By exploiting this vulnerability an unauthenticated attacker could modify any information indexed by the SAP system.
Medium
SAP
07/20/2016
SAP HANA User Information Disclosure
By exploiting this vulnerability, a remote unauthenticated attacker could obtain valid usernames that could be used to support more complex attacks.
07/20/2016
SAP HANA SYSTEM User Brute Force Attack
By exploiting this vulnerability, a remote unauthenticated attacker could receive high privilleges on the HANA system with unrestricted access to any business information.
Critical
SAP
11/09/2015
SAP HANA Remote Code Execution (SQL based)
By exploiting this vulnerability, a remote unauthenticated attacker could completely compromise the system, and would be able to access and manage any business-relevant information or processes.
Critical
SAP
11/09/2015
SAP HANA Remote Code Execution (HTTP based)
By exploiting this vulnerability, an unauthenticated attacker could completely compromise the system, and would be able to access and manage any business-relevant information or processes. This could…
High
SAP
11/09/2015
SAP HANA EXECUTE_SEARCH_RULE_SET Stored Procedure Memory corruption
By exploiting this vulnerability, a remote authenticated attacker could render the SAP HANA Platform unavailable to other users until the next process restart.
Medium
SAP
11/09/2015
SAP HANA TrexNet TNS Information Disclosure
By exploiting this vulnerability, an unauthenticated attacker could obtain technical information of the SAP HANA System which could help facilitate further attacks against the system.
Medium
SAP
11/09/2015
SAP HANA TrexNet Remote Traces List
By exploiting this vulnerability, an unauthenticated attacker could obtain technical information of the SAP HANA System which could help to facilitate further attacks against the system.