Today we have released 12 new Oracle application advisories which affect two different products: Oracle E-Business Suite and JD Edwards. The advisories include various types of vulnerabilities such as Cross Site Scripting, Denial of Service, Password Disclosure and User Creation. After great success uncovering hundreds of vulnerabilities in SAP systems, our Research Labs are expanding our security advisories to now include Oracle products.
Today, Onapsis Research Labs released 15 advisories related to SAP HANA and some building components, as well as Internal Communication Channels (also known as TREXNet). This is the first launch of more than 40 advisories we will be publishing in the following month including several vulnerabilities we have discovered in business critical application such as SAP and Oracle. In this blogpost, we'll analyze two different vulnerabilities affecting SAP HANA.
Yesterday, Oracle released its July 2016 Oracle Critical Patch Update (CPU). This post serves to provide Oracle customers with a detailed analysis of the latest vulnerabilities affecting Oracle business critical applications.
On the second Tuesday of every month, SAP releases their latest Security Notes. This month there were 36 SAP Security Notes (taking into account 26 Support Packages and 10 Patch Day Notes & including the ones published after last second Tuesday). Of these notes, there are two important things to highlight:
Onapsis has just completed its second annual North American Roadshow Series! With stops in the Bay Area, Houston, Chicago, and New York, this initiative was a huge success.
During this series, industry professionals and customers from some of the top F1000 organizations collaborated on how to address the growing SAP governance gap within their organizations. As the state of SAP cybersecurity continues to evolve, the SAP governance gap continues to be one of the most common challenges facing organizations across many different industries.