New SAP & Onapsis Threat Intelligence: Active Cyberattacks on Business-Critical SAP Applications

Who we are

As the leading provider of security for SAP® and Oracle® EBS applications, Onapsis has developed unique insight into emerging threats that can affect your business-critical systems. That’s why we created Onapsis Research Labs, a team of ERP security experts who combine in-depth knowledge and experience to deliver technical analysis and alerts with a business context. Our team works closely with SAP and Oracle product security teams to responsibly deliver the information to customers. To date, we have released over 150 advisories. We’ve consulted with over 180 of our enterprise customers, and we regularly present at leading security, Oracle and SAP conferences around the world.


We regularly issue advisories that help enterprises make sense of the business and security impact that new threats present.

All Advisories
Please fill in the following form in order to download the selected Onapsis' resource. The system will send you a download link to your email.
By exploiting this vulnerability, a remote attacker could steal sensitive business information by redirecting users to a malicious site.
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system.


These in-depth publications analyze security issues and aspects inherent in SAP and Oracle EBS applications.

All Publications
The aim of this publication is to fully introduce and explain the concept of Remote Function Call (RFC) and the impact on the Gateway and Message Server.
This SAP Security In-depth attempts to fully introduce and explain the concept of Switchable Authorization Checks. How it works, why it’s important and how to implement a Switchable Authorization…
SAP has issued three HotNews Security Notes for Solution Manager (SolMan), dating back to 2019. The most recent (March 2020) addresses a critical vulnerability. An exploit of this vulnerability can…

Threat Reports

Stay informed on the latest threats to the ERP landscape and get the information you need to help mitigate those threats.

All Threat Reports
A critical cybersecurity blind spot impacting how many organizations protect their business-critical SAP applications is detailed in this joint report from Onapsis and SAP. Learn how threat actors…
Onapsis has discovered and worked with SAP to release a patch for the RECON vulnerabilities, affecting a component included in many SAP applications.
Oracle BigDebIT vulnerabilities put thousands of organizations at risk. Onapsis threat research has discovered this major financial and compliance risk to companies who may not have the latest patch…


Check out the blog often for the most timely updates, tips and trends relating to ERP security.

All Blog Posts
Oracle’s July 2019 CPU Patches Three Critical Vulnerabilities in E-Business Suite Reported by Onapsis
Posted 07/16/2019 by Christian Simko, Gaston Traberg, Martin Doyhenard, Michael Miller, Sebastian Bortnik
SAP Security Notes July ‘19: Critical Vulnerability Affecting Solution Manager
Posted 07/09/2019 by
Cyber Weakness and the Impact on the Economy
Posted 06/25/2019 by Christian Simko


Want a more in-depth exploration? Start with these related pieces, then visit our Resources page for more.

All resources

Solicitud de cortesía
Ilustración de Riesgos de Negocios

Examine la postura de seguridad y la exposición al riesgo de sus aplicaciones críticas para el negocio a fin de determinar el impacto potencial de un ataque cibernético en su organización.

Solicite una evaluación