New SAP & Onapsis Threat Intelligence: Active Cyberattacks on Business-Critical SAP Applications

Download the Report

Security Advisories

The Onapsis Research Labs delivers regular SAP® and Oracle® vulnerability research to our ecosystem of customers, partners and the information security industry.

Onapsis security advisories enable customers to better understand the security and business implications of discovered SAP and Oracle security issues. This enables organizations to prioritize patches, updates and their remediation strategies to ensure continuity of the business. Onapsis security advisories, together with vendor patches and security notes, are available for download to provide vendors and end-users with the necessary information to mitigate advanced threats to mission-critical applications running on SAP and Oracle.

Medium
SAP
11/09/2015
SAP HANA TrexNet TNS Information Disclosure
By exploiting this vulnerability, an unauthenticated attacker could obtain technical information of the SAP HANA System which could help facilitate further attacks against the system.
Medium
SAP
11/09/2015
SAP HANA TrexNet Remote Traces List
By exploiting this vulnerability, an unauthenticated attacker could obtain technical information of the SAP HANA System which could help to facilitate further attacks against the system.
Critical
SAP
11/09/2015
SAP HANA TrexNet Remote Python Execution
By exploiting this vulnerability, an unauthenticated attacker could completely compromise the system, and would be able to access and manage any business-relevant information or processes.
High
SAP
11/09/2015
SAP HANA TrexNet Remote Process Kill
By exploiting this vulnerability, an unauthenticated attacker could render the SAP HANA system completely unavailable due to system shutdown. Any business process or information hosted in the system…
Medium
SAP
11/09/2015
SAP HANA TrexNet Remote Files List
By exploiting this vulnerability, an unauthenticated attacker could obtain technical information of the SAP HANA System which could help facilitate further attacks against the system.
Critical
SAP
11/09/2015
SAP HANA TrexNet Remote File Write
By exploiting this vulnerability, an unauthenticated attacker could override business-relevant information in the SAP HANA System and could also render the system unavailable due to corrupted data.
High
SAP
11/09/2015
SAP HANA TrexNet Remote File Read
By exploiting this vulnerability, an unauthenticated attacker could read arbitrary business-relevant information from the SAP HANA System.
Critical
SAP
11/09/2015
SAP HANA TrexNet Remote File Move
By exploiting this vulnerability, an unauthenticated attacker could relocate the information stored in the SAP HANA System to make it easily accessible. This could potentially render the system…
11/09/2015
SAP HANA TrexNet Remote File Deletion
By exploiting this vulnerability, an unauthenticated attacker could delete any business-relevant information from the SAP HANA System, affecting the integrity of the data, as well as potentially…
Medium
SAP
11/09/2015
SAP HANA TrexNet Remote File Creation
By exploiting this vulnerability, an unauthenticated attacker could potentially render the system unavailable.
High
SAP
11/09/2015
SAP HANA TrexNet Remote File Copy
By exploiting this vulnerability, an unauthenticated attacker could copy business-relevant information from the SAP HANA System, allowing it to be easily accessed and render the system unavailable.
Medium
SAP
11/09/2015
SAP HANA TrexNet Remote Environment Disclosure
By exploiting this vulnerability, an unauthenticated attacker could obtain technical information that could be used by an attacker to facilitate a targeted attack.