Security Advisories

The Onapsis Research Labs delivers regular SAP® and Oracle® vulnerability research to our ecosystem of customers, partners and the information security industry.

Onapsis security advisories enable customers to better understand the security and business implications of discovered SAP and Oracle security issues. This enables organizations to prioritize patches, updates and their remediation strategies to ensure continuity of the business. Onapsis security advisories, together with vendor patches and security notes, are available for download to provide vendors and end-users with the necessary information to mitigate advanced threats to mission-critical applications running on SAP and Oracle.

04/14/2011
SAP WebAS ITS Mobile Test Multiple Vulnerabilities
By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation,…
04/14/2011
SAP WebAS ITS Mobile Start Multiple Vulnerabilities
By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation,…
01/04/2011
SAP Management Console Unauthenticated Service Restart
By exploiting this vulnerability, an anonymous internal or external attacker would be able remotely disrupt the main management interface of the Organization's SAP systems. This would result in the…
Medium
SAP
01/04/2011
SAP Management Console Information Disclosure
https://go.pardot.com/l/127021/2015-12-21/ykd6
11/02/2010
Oracle Virtual Server Agent Local Privilege Escalation
By exploiting this vulnerability, a local authenticated attacker would be able to remotely compromise the OVS server, together with all the virtual machines configured on it. This would result in the…
11/02/2010
Oracle Virtual Server Agent Arbitrary File Access
By exploiting this vulnerability, an authenticated attacker would be able to remotely compromise the OVS server, together with all the virtual machines configured on it. This would result in the…
09/22/2010
SAP Management Console Multiple Denial of Service
By exploiting this vulnerability, an unauthenticated internal or external attacker would be able remotely disrupt the main management interface of the Organization's SAP systems. This would result in…
07/13/2010
SAP J2EE Web Services Navigator Cross-Site Scripting
By exploiting this vulnerability, an internal or external attacker would be able perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he…
02/20/2010
Oracle Virtual Server Agent Remote Command Execution
By exploiting this vulnerability, an authenticated attacker would be able to remotely compromise the OVS server, together with all the virtual machines configured on it. This would result in the…
02/10/2010
SAP WebDynpro Runtime XSS/CSS Injection
By exploiting this vulnerability, an internal or external attacker would be able perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he…
02/10/2010
SAP J2EE Engine MDB Path Traversal
By exploiting this vulnerability, an internal or external attacker would be able to access arbitrary files located in the SAP Server file-system. With this access, he would be able to obtain…
02/10/2010
SAP J2EE Authentication Phishing Vector
By exploiting this vulnerability, an internal or external attacker would be able perform attacks on the Organization's users through weaknesses in the SAP system. An attacker would send specially…