New SAP & Onapsis Threat Intelligence: Active Cyberattacks on Business-Critical SAP Applications

Download the Report

Security Advisories

The Onapsis Research Labs delivers regular SAP® and Oracle® vulnerability research to our ecosystem of customers, partners and the information security industry.

Onapsis security advisories enable customers to better understand the security and business implications of discovered SAP and Oracle security issues. This enables organizations to prioritize patches, updates and their remediation strategies to ensure continuity of the business. Onapsis security advisories, together with vendor patches and security notes, are available for download to provide vendors and end-users with the necessary information to mitigate advanced threats to mission-critical applications running on SAP and Oracle.

Critical
SAP
11/09/2015
SAP HANA TrexNet Remote Directory Deletion
By exploiting this vulnerability, an unauthenticated attacker could delete business-relevant information from the SAP HANA System and could also render the system unavailable.
Medium
SAP
11/09/2015
SAP HANA TrexNet Remote Directory Creation
By exploiting this vulnerability, an unauthenticated attacker could render the system unavailable and potentially overwrite information.
High
SAP
11/09/2015
SAP HANA TrexNet Remote Directory Copy
By exploiting this vulnerability, an unauthenticated attacker could copy business-relevant information from the SAP HANA System and render the system unavailable.
High
SAP
11/09/2015
SAP HANA TrexNet Remote Denial of Service
By exploiting this vulnerability, an unauthenticated attacker could render the SAP HANA system completely unavailable due to a system shutdown. Any business process or information hosted in the…
Critical
SAP
11/09/2015
SAP HANA TrexNet Remote Command Execution
By exploiting this vulnerability, an unauthenticated attacker could completely compromise the system and would be able to access and manage any business-relevant information or process.
Medium
SAP
11/08/2015
SAP HANA Remote Trace Disclosure
By exploiting this vulnerability, a remote unauthenticated attacker could remotely read technical information that could potentially grant him access to the system.
09/29/2015
SAP HANA SQL Injection newUser
By exploiting this vulnerability an attacker could modify information related to users of the HANA system, affecting the integrity of the data stored.
09/29/2015
SAP HANA SQL Injection ModifyUser
By exploiting this vulnerability an attacker could modify information related to users of the HANA system, affecting the integrity of the data stored.
09/29/2015
SAP HANA SQL injection in getSQLTraceConfiguration function
By exploiting this vulnerability an attacker could read sensitive business information stored in the HANA system and change configuration parameters which could render the system unavailable for…
09/29/2015
SAP HANA hdbsql Multiple Memory Corruption Vulnerabilities
By exploiting this vulnerability an attacker could abuse of management interfaces to execute commands on the HANA system and ultimately compromise all the information stored and processed by the…
09/29/2015
SAP HANA hdbsql Multiple Memory Corruption Vulnerabilities
By exploiting this vulnerability an attacker could abuse of management interfaces to execute commands on the HANA system and ultimately compromise all the information stored and processed by the…
09/29/2015
SAP HANA Drop Credentials SQL injection
By exploiting this vulnerability an attacker could modify system settings and delete credentials which could affect other users in the HANA system, engaging into a DoS attack.