Onapsis Research Labs

Security Advisories

The Onapsis Research Lab delivers regular security advisories and vulnerability research to the business-critical application security ecosystem of customers, partners and the security industry.

The Onapsis security advisories enable customers to prioritize patches and updates, and provide deep expert analysis of security issues affecting applications running on SAP, along with remediation strategies to ensure continuity of your business. Onapsis security advisories, together with vendor patches and security notes, are available for download to provide vendors and end-users with the information to mitigate advanced threats to mission-critical applications running on SAP.


Title Date
ONAPSIS-2010-004: SAP J2EE Authentication Phishing Vector

By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. An attacker would send specially crafted emails to users of the Organization's SAP system. After they have been successfully authenticated by the application, they would be redirected to an attacker-controlled web site where he would be able to perform different attacks over their systems and/or trick them into providing sensitive information.

2010-02-10
ONAPSIS-2010-005: SAP J2EE Telnet Administration Security Check Bypass

By exploiting this vulnerability, an internal or external attacker would be able to retrieve sensitive technical information from the SAP J2EE system. This information can be used to replay authentication credentials and perform sensitive operations over the SAP landscape, possibly taking remote control of the affected systems.

2010-06-16
ONAPSIS-2010-006: SAP J2EE Web Services Navigator Cross-Site Scripting

By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

2010-07-13
ONAPSIS-2010-007: SAP Management Console Multiple Denial of Service

By exploiting this vulnerability, an unauthenticated internal or external attacker would be able to remotely disrupt the main management interface of the Organization's SAP systems. This would result in the impossibility of performing remote maintenance of the SAP landscape, forcing administrators to invest effort into restoring the system to its original state.

2010-09-22
ONAPSIS-2010-001: SAP WebAS Integrated ITS Remote Code Execution

By exploiting this vulnerability, an internal or external attacker would be able to execute arbitrary remote commands over vulnerable SAP Web Application Servers, taking complete control of the SAP system. With these privileges, he would be able to obtain, create, modify and/or delete any business related information stored in the vulnerable SAP system.

2010-01-19
ONAPSIS-2010-002: SAP J2EE Engine MDB Path Traversal

By exploiting this vulnerability, an internal or external attacker would be able to access arbitrary files located in the SAP Server file-system. With this access, he would be able to obtain sensitive technical and business related information stored in the vulnerable SAP system.

2010-02-10
ONAPSIS-2010-003: SAP WebDynpro Runtime XSS/CSS Injection

By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through complex social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

2010-02-10
ONAPSIS-2010-008: Oracle Virtual Server Agent Arbitrary File Access

By exploiting this vulnerability, an authenticated attacker would be able to remotely compromise the OVS server, together with all the virtual machines configured on it. This would result in the compromise of integrity, availability and confidentiality of every virtual machine deployed in the OVS server.

2010-11-02
ONAPSIS-2010-009: Oracle Virtual Server Agent Remote Command Execution

By exploiting this vulnerability, an authenticated attacker would be able to remotely compromise the OVS server, together with all the virtual machines configured on it. This would result in the compromise of integrity, availability and confidentiality of every virtual machine deployed in the OVS server.

2010-11-02
ONAPSIS-2011-008: Oracle JD Edwards JDENET CallObjectKernel Remote Command Execution

By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in the total compromise of the ERP infrastructure.

2011-04-27
ONAPSIS-2011-016: SAP WebAS Malicious SAP Shortcut Generation

By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

2011-09-14
ONAPSIS-2011-014: SAP WebAS Remote Denial of Service

By exploiting this vulnerability, an unauthenticated attacker would be able to remotely disrupt the SAP Application Server. This would result in the total unavailability of the ERP functionality, preventing company users from performing the required business processes.

2011-09-14
ONAPSIS-2011-015: SAP WebAS webrfc Cross-Site Scripting

By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

2011-09-14
ONAPSIS-2011-012: Oracle JD Edwards JDENET Firewall Bypass

By exploiting this vulnerability, a remote unauthenticated attacker might be able to connect to the ERP system, bypassing weak network firewall configurations. This might result in obtaining remote access to the ERP system, even though this access was supposed to be restricted to internal networks.

2011-04-27
ONAPSIS-2011-013: Oracle JD Edwards JDENET USRBROADCAST Denial of Service

By exploiting this vulnerability, an unauthenticated attacker would be able to remotely disrupt the JD Edwards server. This would result in the total unavailability of the ERP functionality, preventing company users from performing the required business processes.

2011-04-27
ONAPSIS-2011-010: Oracle JD Edwards JDENET Remote Logging Deactivation

By exploiting this vulnerability, a remote unauthenticated attacker would be able to disable logging capabilities in the JD Edwards server. This could result in malicious activities becoming untraceable on the ERP Server.

2011-04-27
ONAPSIS-2011-011: Oracle JD Edwards JDENET Buffer Overflow

By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in the total compromise of the ERP infrastructure.

2011-04-27
ONAPSIS-2012-008: Oracle JD Edwards Security Kernel Information Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker might be able to validate user credentials to access the ERP system. This would represent valuable information for performing more complex attacks on the ERP system.

2012-02-23
ONAPSIS-2010-010: Oracle Virtual Server Agent Local Privilege Escalation

By exploiting this vulnerability, a local authenticated attacker would be able to remotely compromise the OVS server, together with all the virtual machines configured on it. This would result in the compromise of integrity, availability and confidentiality of every virtual machine deployed in the OVS server.

2010-11-02
ONAPSIS-2012-002: Oracle JD Edwards Security Kernel Remote Password Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in the total compromise of the ERP infrastructure.

2012-02-23
ONAPSIS-2012-003: Oracle JD Edwards SawKernel Arbitrary File Read

By exploiting this vulnerability, a remote unauthenticated attacker might be able to access arbitrary files hosted on the ERP system. This would result in the total compromise of the ERP infrastructure.

2012-02-23
ONAPSIS-2012-001: Oracle JD Edwards JDENET Arbitrary File Write

By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in a full compromise of the ERP infrastructure.

2012-02-23
ONAPSIS-2012-006: Oracle JD Edwards JDENET Large Packets Denial of Service

By exploiting this vulnerability, a remote unauthenticated attacker might trigger a denial of service on the JDENET service. This would result in the unavailability of most of the ERP services.

2012-02-23
ONAPSIS-2012-007: Oracle JD Edwards SawKernel SET_INI Configuration Modification

By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in the total compromise of the ERP infrastructure.

2012-02-23
ONAPSIS-2012-004: Oracle JD Edwards SawKernel GET_INI Information Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in the total compromise of the ERP infrastructure.

2012-02-23
ONAPSIS-2012-005: Oracle JD Edwards JDENET Multiple Information Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker might be able to access technical information of the ERP system. This might result in the disclosure of technical information that might be useful in further attacks on the ERP infrastructure.

2012-02-23
ONAPSIS-2011-009: Oracle JD Edwards JDENET SawKernel Remote Password Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker might be able to obtain valid access credentials and access or modify all the business information processed by the ERP system. This would result in the total compromise of the ERP infrastructure.

2011-04-27
ONAPSIS-2013-006: SAP SMD Agent Code Injection

By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in the total compromise of the SAP infrastructure.

2013-02-21
ONAPSIS-2013-005: SAP CCMS Agent Code Injection

By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in the total compromise of the SAP infrastructure.

2013-02-21
ONAPSIS-2013-004: SAP J2EE Core Service Arbitrary File Access

By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business information processed by the ERP system. This would result in the total compromise of the SAP infrastructure.

2013-02-21
ONAPSIS-2013-003: SAP Enterprise Portal Cross-Site-Scripting

By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through complex social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

2013-02-21
ONAPSIS-2013-002: SAP SDM Denial of Service

By exploiting this vulnerability, an attacker would be able to perform a sabotage attack over the service used to deploy and change software components in the SAP AS Java. This would prevent legitimate developers and administrators from performing and maintaining required business and technical activities.

2013-02-21
ONAPSIS-2013-001: SAP Portal PDC Information Disclosure

By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through the exploitation of vulnerabilities in their systems.

2013-02-21
ONAPSIS-2011-001: SAP Management Console Unauthenticated Service Restart

By exploiting this vulnerability, an anonymous internal or external attacker would be able to remotely disrupt the main management interface of the Organization's SAP systems. This would result in the impossibility of performing remote maintenance of the SAP landscape, forcing administrators to invest effort into restoring the system to its original state.

2011-01-04
ONAPSIS-2011-003: SAP WebAS ITS Mobile Start Service Multiple Vulnerabilities

By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

2011-04-14
ONAPSIS-2011-002: SAP Management Console Information Disclosure

Abusing this functionality, a remote and unauthenticated attacker would be able to gain sensitive information from an SAP System. This information would help him in the process of compromising the security of the SAP server through more advanced attacks.

2011-01-04
ONAPSIS-2011-005: SAP Enterprise Portal Path Disclosure

By exploiting this vulnerability, an internal or external attacker would be able to obtain sensitive technical information from a vulnerable SAP Enterprise Portal system, which can be highly useful in the next phases of his attacks.

2011-04-14
ONAPSIS-2011-004: SAP WebAS ITS Mobile Test Service Multiple Vulnerabilities

By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

2011-04-14
ONAPSIS-2011-007: Oracle JD Edwards JDENET Kernel Shutdown Denial of Service

By exploiting this vulnerability, an unauthenticated attacker would be able to remotely shut down the JD Edwards server. This would result in the total unavailability of the ERP functionality, preventing company users from performing the required business processes.

2011-04-27
ONAPSIS-2011-006: Oracle JD Edwards JDENET Kernel Denial of Service

By exploiting this vulnerability, an unauthenticated attacker would be able to remotely block certain functions of the JD Edwards server. This would result in the unavailability of certain services running in the JD Edwards server. These services are not critical for the common operation of the system.

2011-04-27
ONAPSIS-2014-002: SAP Security Audit Log Privilege Escalation

By exploiting this vulnerability, a remote attacker might be able to modify or permanently delete the log classes from the Security Audit Log facility.

2014-03-09
ONAPSIS-2014-003: SAP Business Object Framework for ABAP Hard-coded credentials

SAP BOPF for ABAP contains hard-coded credentials which could allow an attacker to extract data to which access should be restricted.

2014-03-09
ONAPSIS-2014-004: SAP Print and Output Management Hard-coded credentials

SAP Print and Output contains hard-coded credentials which could allow an attacker to extract data to which access should be restricted.

2014-03-09
ONAPSIS-2014-001: SAP HANA host names Information Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker could send a specially crafted malformed HTTP GET request to the HANA ICM process to obtain sensitive information such as the platform version, host name and instance number.

2014-01-07
ONAPSIS-2013-013: SAP BI Universal Data Integration SQL injection

By exploiting this vulnerability, a remote unauthenticated attacker would be able to execute arbitrary SQL queries over the J2EE schema with the objective of accessing and modifying all the business information processed by the ERP system. This would result in the total compromise of the SAP system.

2013-11-08
ONAPSIS-2013-012: SAP CCMS/Database Monitors for Oracle Information Disclosure

By exploiting this vulnerability, an attacker who has previously compromised the SAP system would be able to retrieve the database password in order to elevate his/her level of privileges over the affected system.

2013-08-08
ONAPSIS-2013-010: SAP J2EE Engine Configuration Service Authentication Information Disclosure

By exploiting this vulnerability a remote unauthenticated attacker would be able to retrieve access credentials and ultimately compromise the SAP system and all the business-related information stored in it.

2013-07-02
ONAPSIS-2013-011: SAP Guided Procedures Archive Monitor Information Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker would be able to discover identity information such as usernames, roles and profiles on the system and target his attack based on this information.

2013-07-02
ONAPSIS-2013-009: SAP Mobile Infrastructure Information Disclosure

By exploiting this vulnerability, a remote, unauthenticated attacker can abuse the vulnerable functionalities in order to perform internal port scanning of the application server.

2013-06-05
ONAPSIS-2013-008: SAP CMS/CM Services Directory Traversal

By exploiting this vulnerability an attacker could upload arbitrary files to any location on the web server. This could result in total compromise of business-critical information contained in the server.

2013-05-11
ONAPSIS-2013-007: SAP adminadapter Arbitrary File Read-Write

By exploiting this vulnerability a remote unauthenticated attacker would be able to completely compromise the SAP system and any information processed and stored in that system.

2013-03-27
ONAPSIS-2014-005: Information Disclosure in SAP SLM

By exploiting this vulnerability a remote unauthenticated attacker would be able to obtain technical information that could be used to perform more sophisticated attacks.

2014-04-28
ONAPSIS-2014-006: SAP Background Processing RFC Missing Authorization Check

By exploiting this vulnerability a remote authenticated attacker would be able to perform activities for which he is not authorized.

2014-04-28
ONAPSIS-2014-007: SAP Profile Maintenance RFC Missing Authorization Check

By exploiting this vulnerability a remote authenticated attacker would be able to perform activities for which he is not authorized.

2014-04-28
ONAPSIS-2014-008: SAP NW Portal WD Integration Information Disclosure

By exploiting this vulnerability a remote unauthenticated attacker would be able to retrieve sensitive information from the remote SAP system and use that information to leverage his / her privileges in the affected system.

2014-04-28
ONAPSIS-2014-009: SAP BASIS Missing Authorization Check

By exploiting this vulnerability an authenticated attacker will be able to abuse functionality that should be restricted, with the objective of leveraging his / her privileges over the affected system.

2014-04-28
ONAPSIS-2014-010: SAP Business Objects InfoView Reflected Cross Site Scripting

A reflected Cross-Site scripting vulnerability exists in the InfoView application. An attacker could send a link to a victim that when clicked on could compromise their account.

2014-04-28
ONAPSIS-2014-011: SAP PS-ST and Project-Oriented Procurement Hard-coded credentials

SAP Project System Structures and Project-Oriented Procurement contains a hard-coded username which could allow a user to access functions or information that should be restricted.

2014-06-06
ONAPSIS-2014-012: SAP XX-CSC-BR Hard-coded Credentials

SAP Brazil Specific Add-On contains a hard-coded username which could allow a user to access functions or information that should be restricted.

2014-06-06
ONAPSIS-2014-013: SAP IS-OIL-DS-TSW Traders and Schedulers Workbench Hard-coded Credentials

SAP Oil Industry Solution Traders and Schedulers Workbench contains a hard-coded username which could allow a user to access functions or information that should be restricted.

2014-06-06
ONAPSIS-2014-014: SAP Upgrade tools for ABAP Hard-coded credentials

SAP Upgrade Tools contains a hard-coded username which could allow a user to access functions or information that should be restricted.

2014-06-06
ONAPSIS-2014-015: SAP Web Services Tool Hard-coded Credentials

SAP Web Services Tool contains a hard-coded username which could allow a user to access functions or information that should be restricted.

2014-06-06
ONAPSIS-2014-016: SAP CCMS Monitoring Hard-coded Credentials

SAP CCMS Monitoring contains a hard-coded username which could allow a user to access functions or information that should be restricted.

2014-06-06
ONAPSIS-2014-017: SAP Transaction Datapool Hard-coded Credentials

SAP Transaction Data Pool contains a hard-coded username which could allow a user to access functions or information that should be restricted.

2014-06-06
ONAPSIS-2014-018: SAP Capacity Leveling Hard-coded Credentials

SAP Capacity Leveling contains a hard-coded username which could allow a user to access functions or information that should be restricted.

2014-06-06
ONAPSIS-2014-019: SAP Open Hub Service Hard-coded Credentials

SAP Open Hub Service contains a hard-coded username which could allow a user to access functions or information that should be restricted.

2014-06-06
ONAPSIS-2014-020: SAP Web Application Server ABAP Information Disclosure

By exploiting this vulnerability, a remote unauthenticated attacker might be able to modify technical information about the SAP systems potentially leading to a full compromise of all business information.

2014-06-06
ONAPSIS-2014-021: SAP HANA XS missing encryption in form-based authentication

SAP HANA XS does not enforce any encryption in the form-based authentication. It could allow an anonymous user to get valid credentials from the network to get access into the system.

2014-07-29
ONAPSIS-2014-022: SAP HANA UI5 SDK Authentication Bypass

SAP HANA UI5 SDK Application does not enforce any authentication when it is explicitly configured. It could allow an anonymous user to access functions or information that should be restricted.

2014-07-29
ONAPSIS-2014-023: HTTP verb tampering issue in SAP_JTECHS

By exploiting this vulnerability a remote unauthenticated attacker would be able to access restricted functionality and change application server behavior or affect its performance.

2014-07-29
ONAPSIS-2014-024: Hard-coded Username in SAP FI Manager Self-Service

SAP FI Manager Self-Service contains a hard-coded username which could allow a user to access functions or information that should be restricted.

2014-07-29
ONAPSIS-2014-025: Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool

The SAP HANA XS Administration Tool can be abused by potential attackers, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.

2014-07-29
ONAPSIS-2014-026: Missing authorization check in function modules of BW-SYS-DB-DB4

By exploiting this vulnerability a remote authenticated attacker would be able to perform activities for which he is not authorized.

2014-07-29
SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities

The SAP HANA Developer Edition contains multiple reflected Cross Site Scripting Vulnerabilities (XSS) in the democontent area.

2014-10-08
SAP HANA Web-based Development Workbench Code Injection

By exploiting this vulnerability a remote unauthenticated attacker would be able to completely compromise the SAP system and any information processed and stored in that system.

2014-10-08
SAP Business Objects Information Disclosure

A malicious user can discover information relating to valid users using a vulnerable Business Objects Enterprise instance. This information could be used to allow the malicious user to specialize their attacks against the system.

2014-10-08
SAP Business Objects Denial of Service via CORBA

By exploiting this vulnerability a remote unauthenticated attacker would be able to completely shut down the SAP Business Objects remotely.

2014-10-08
SAP Business Objects Information Disclosure via CORBA

By exploiting this vulnerability a remote unauthenticated attacker would be able to obtain information about the system that could be used to further specialize attacks against the Business Objects platform.

2014-10-08
SAP BusinessObjects Persistent Cross Site Scripting

By exploiting this vulnerability a remote unauthenticated attacker would be able to attack other users of the system.

2014-10-08
SAP Business Warehouse Missing Authorization Check

By exploiting this vulnerability an authenticated attacker will be able to abuse functionality that should be restricted and can disclose technical information without having the right access permissions. This information could be used to perform further attacks over the platform.

2014-10-08
SAP Business Objects Search Token Privilege Escalation via CORBA

By exploiting this vulnerability a remote and potentially unauthenticated attacker would be able to access or modify any information stored on the SAP BusinessObjects server. The attacker could also connect to the business systems depending on the configuration of the BO infrastructure.

2014-12-15
SAP BASIS Missing Authorization Check

By exploiting this vulnerability an authenticated attacker will be able to abuse functionality that should be restricted. This information could be used to perform further attacks over the platform.

2014-12-15
Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench

By exploiting this vulnerability a remote unauthenticated attacker would be able to attack other users of the system.

2015-02-25
SAP Business Objects Unauthorized File Repository Server Read via CORBA

By exploiting this vulnerability a remote unauthenticated attacker would be able to retrieve sensitive business data stored on the remote system.

2015-02-25
SAP Business Objects Unauthorized File Repository Server Write via CORBA

By exploiting this vulnerability a remote unauthenticated attacker would be able to overwrite sensitive business data stored on the remote system.

2015-02-25
SAP Business Objects Unauthorized Audit Information Delete via CORBA

By exploiting this vulnerability a remote unauthenticated attacker would be able to delete auditing information of the remote system. This way, the attacker could perform malicious activities without being detected.

2015-02-25
SAP Business Objects Unauthorized Audit Information Access via CORBA

By exploiting this vulnerability a remote unauthenticated attacker would be able to read auditing information thus accessing sensitive business data. Access to this functionality should be restricted.

2015-02-25