
The Onapsis Research Labs continuously researches the security of different business-critical solutions in order to better understand the risks involved and to provide our customers with novel, high-quality information to protect and assess their business technology environments. This research is also shared with the community in the form of security advisories that describe the detected vulnerabilities.


  • 2013-02-21 ONAPSIS-2013-006: SAP SMD Agent Code Injection

    By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in the total compromise of the SAP infrastructure.

  • 2013-02-21 ONAPSIS-2013-005: SAP CCMS Agent Code Injection

    By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in the total compromise of the SAP infrastructure.

  • 2013-02-21 ONAPSIS-2013-004: SAP J2EE Core Service Arbitrary File Access

    By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in the total compromise of the SAP infrastructure.

  • 2013-02-21 ONAPSIS-2013-003: SAP Enterprise Portal Cross-Site-Scripting

    By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through complex social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

  • 2013-02-21 ONAPSIS-2013-002: SAP SDM Denial of Service

    By exploiting this vulnerability, an attacker would be able to perform a sabotage attack over the service used to deploy and change software components in the SAP AS Java. This would prevent legitimate developers and administrators from performing and maintaining required business and technical activities.

  • 2013-02-21 ONAPSIS-2013-001: SAP Portal PDC Information Disclosure

    By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through the exploitation of vulnerabilities in their systems.

  • 2012-02-23 ONAPSIS-2012-008: Oracle JD Edwards Security Kernel Information Disclosure

    By exploiting this vulnerability, a remote unauthenticated attacker might be able to validate user credentials to access the ERP system. This would represent valuable information to perform more complex attacks on the ERP system.

  • 2012-02-23 ONAPSIS-2012-007: Oracle JD Edwards SawKernel SET_INI Configuration Modification

    By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in the total compromise of the ERP infrastructure.

  • 2012-02-23 ONAPSIS-2012-006: Oracle JD Edwards JDENET Large Packets Denial of Service

    By exploiting this vulnerability, a remote unauthenticated attacker might trigger a denial of service on the JDENET service. This would result in the unavailability of most of the ERP services.

  • 2012-02-23 ONAPSIS-2012-005: Oracle JD Edwards JDENET Multiple Information Disclosure

    By exploiting this vulnerability, a remote unauthenticated attacker might be able to access technical information of the ERP system. This might result in the disclosure of technical information that might be useful in further attacks on the ERP infrastructure.

  • 2012-02-23 ONAPSIS-2012-004: Oracle JD Edwards SawKernel GET_INI Information Disclosure

    By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in the total compromise of the ERP infrastructure.

  • 2012-02-23 ONAPSIS-2012-003: Oracle JD Edwards SawKernel Arbitrary File Read

    By exploiting this vulnerability, a remote unauthenticated attacker might be able to access arbitrary files hosted on the ERP system. This would result in the total compromise of the ERP infrastructure.

  • 2012-02-23 ONAPSIS-2012-002: Oracle JD Edwards Security Kernel Remote Password Disclosure

    By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in the total compromise of the ERP infrastructure.

  • 2012-02-23 ONAPSIS-2012-001: Oracle JD Edwards JDENET Arbitrary File Write

    By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in a full compromise of the ERP infrastructure.

  • 2011-09-14 ONAPSIS-2011-016: SAP WebAS Malicious SAP Shortcut Generation

    By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

  • 2011-09-14 ONAPSIS-2011-015: SAP WebAS webrfc Cross-Site Scripting

    By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

  • 2011-09-14 ONAPSIS-2011-014: SAP WebAS Remote Denial of Service

    By exploiting this vulnerability, an unauthenticated attacker would be able to remotely disrupt the SAP Application Server. This would result in the total unavailability of the ERP functionality, preventing company users from performing the required business processes.

  • 2011-04-27 ONAPSIS-2011-013: Oracle JD Edwards JDENET USRBROADCAST Denial of Service

    By exploiting this vulnerability, an unauthenticated attacker would be able to remotely disrupt the JD Edwards server. This would result in the total unavailability of the ERP functionality, preventing company users from performing the required business processes.

  • 2011-04-27 ONAPSIS-2011-012: Oracle JD Edwards JDENET Firewall Bypass

    By exploiting this vulnerability, a remote unauthenticated attacker might be able to connect to the ERP system, bypassing weak network firewall configurations. This might result in obtaining remote access to the ERP system, even though this access was supposed to be restricted to internal networks.

  • 2011-04-27 ONAPSIS-2011-011: Oracle JD Edwards JDENET Buffer Overflow

    By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in the total compromise of the ERP infrastructure.

  • 2011-04-27 ONAPSIS-2011-010: Oracle JD Edwards JDENET Remote Logging Deactivation

    By exploiting this vulnerability, a remote unauthenticated attacker would be able to disable logging capabilities in the JD Edwards server. This could result in malicious activities becoming untraceable on the ERP Server.

  • 2011-04-27 ONAPSIS-2011-009: Oracle JD Edwards JDENET SawKernel Remote Password Disclosure

    By exploiting this vulnerability, a remote unauthenticated attacker might be able to obtain valid access credentials and access or modify all the business information processed by the ERP system. This would result in the total compromise of the ERP infrastructure.

  • 2011-04-27 ONAPSIS-2011-008: Oracle JD Edwards JDENET CallObjectKernel Remote Command Execution

    By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in the total compromise of the ERP infrastructure.

  • 2011-04-27 ONAPSIS-2011-007: Oracle JD Edwards JDENET Kernel Shutdown Denial of Service

    By exploiting this vulnerability, an unauthenticated attacker would be able to remotely shut down the JD Edwards server. This would result in the total unavailability of the ERP functionality, preventing company users from performing the required business processes.

  • 2011-04-27 ONAPSIS-2011-006: Oracle JD Edwards JDENET Kernel Denial of Service

    By exploiting this vulnerability, an unauthenticated attacker would be able to remotely block certain functions of the JD Edwards server. This would result in the unavailability of certain services running in the JD Edwards server. These services are not critical for the common operation of the system.

  • 2011-04-14 ONAPSIS-2011-005: SAP Enterprise Portal Path Disclosure

    By exploiting this vulnerability, an internal or external attacker would be able to obtain sensitive technical information from a vulnerable SAP Enterprise Portal system, which can be highly useful in the next phases of his attacks.

  • 2011-04-14 ONAPSIS-2011-004: SAP WebAS ITS Mobile Test Service Multiple Vulnerabilities

    By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

  • 2011-04-14 ONAPSIS-2011-003: SAP WebAS ITS Mobile Start Service Multiple Vulnerabilities

    By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

  • 2011-01-04 ONAPSIS-2011-002: SAP Management Console Information Disclosure

    Abusing this functionality, a remote and unauthenticated attacker would be able to gain sensitive information from an SAP System. This information would help him in the process of compromising the security of the SAP server through more advanced attacks.

  • 2011-01-04 ONAPSIS-2011-001: SAP Management Console Unauthenticated Service Restart

    By exploiting this vulnerability, an anonymous internal or external attacker would be able to remotely disrupt the main management interface of the Organization's SAP systems. This would result in the impossibility of performing remote maintenance of the SAP landscape, forcing administrators to invest effort into restoring the system to its original state.

  • 2010-11-02 ONAPSIS-2010-010: Oracle Virtual Server Agent Local Privilege Escalation

    By exploiting this vulnerability, a local authenticated attacker would be able to remotely compromise the OVS server, together with all the virtual machines configured on it. This would result in the compromise of integrity, availability and confidentiality of every virtual machine deployed in the OVS server.

  • 2010-11-02 ONAPSIS-2010-009: Oracle Virtual Server Agent Remote Command Execution

    By exploiting this vulnerability, an authenticated attacker would be able to remotely compromise the OVS server, together with all the virtual machines configured on it. This would result in the compromise of integrity, availability and confidentiality of every virtual machine deployed in the OVS server.

  • 2010-11-02 ONAPSIS-2010-008: Oracle Virtual Server Agent Arbitrary File Access

    By exploiting this vulnerability, an authenticated attacker would be able to remotely compromise the OVS server, together with all the virtual machines configured on it. This would result in the compromise of integrity, availability and confidentiality of every virtual machine deployed in the OVS server.

  • 2010-09-22 ONAPSIS-2010-007: SAP Management Console Multiple Denial of Service

    By exploiting this vulnerability, an unauthenticated internal or external attacker would be able to remotely disrupt the main management interface of the Organization's SAP systems. This would result in the impossibility of performing remote maintenance of the SAP landscape, forcing administrators to invest effort into restoring the system to its original state.

  • 2010-07-13 ONAPSIS-2010-006: SAP J2EE Web Services Navigator Cross-Site Scripting

    By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

  • 2010-06-16 ONAPSIS-2010-005: SAP J2EE Telnet Administration Security Check Bypass

    By exploiting this vulnerability, an internal or external attacker would be able to retrieve sensitive technical information from the SAP J2EE system. This information can be used to replay authentication credentials and perform sensitive operations over the SAP landscape, possibly taking remote control of the affected systems.

  • 2010-02-10 ONAPSIS-2010-004: SAP J2EE Authentication Phishing Vector

    By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. An attacker would send specially crafted emails to users of the Organization's SAP system. After they have been successfully authenticated by the application, they would be redirected to an attacker-controlled web site where he would be able to perform different attacks over their systems and/or trick them into providing sensitive information.

  • 2010-02-10 ONAPSIS-2010-003: SAP WebDynpro Runtime XSS/CSS Injection

    By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through complex social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

  • 2010-02-10 ONAPSIS-2010-002: SAP J2EE Engine MDB Path Traversal

    By exploiting this vulnerability, an internal or external attacker would be able to access arbitrary files located in the SAP Server file-system. With this access, he would be able to obtain sensitive technical and business related information stored in the vulnerable SAP system.

  • 2010-01-19 ONAPSIS-2010-001: SAP WebAS Integrated ITS Remote Code Execution

    By exploiting this vulnerability, an internal or external attacker would be able to execute arbitrary remote commands over vulnerable SAP Web Application Servers, taking complete control of the SAP system. With these privileges, he would be able to obtain, create, modify and/or delete any business related information stored in the vulnerable SAP system.

Upcoming Advisories

The following list provides information about the upcoming Security Advisories discovered by the Onapsis Research Labs and their estimated date of release:

  • xx-2013: SAP J2EE Engine
  • xx-2013: SAP J2EE Engine
  • xx-2013: SAP J2EE Engine
  • xx-2013: SAP WebAS
  • xx-2013: SAP WebAS
  • xx-2013: SAP Enterprise Portal
  • xx-2013: Peoplesoft
  • xx-2013: Peoplesoft