The Onapsis Research Lab delivers regular SAP and Oracle vulnerability research to our eco-system of customers, partners and the information security industry
Onapsis security advisories enable customers to better understand the security and business implications of discovered SAP and Oracle security issues. This enables organizations to prioritize patches, updates and their remediation strategies to ensure continuity of the business. Onapsis security advisories, together with vendor patches and security notes, are available for download to provide vendors and end-users with the necessary information to mitigate advanced threats to mission-critical applications running on SAP and Oracle.
By exploiting this vulnerability, an internal or external attacker would be able perform attacks on the Organization's users through weaknesses in the SAP system. An attacker would send specially crafted emails to users of the Organization's SAP system. After they have been successfully authenticated by the application, they would be redirected to an attacker's controlled web site where he would be able toperform different attacks over their systems and/or trick them into providing sensitive information.
By exploiting this vulnerability, an internal or external attacker would be able perform attacks on the Organization's users through weaknesses in the SAP system. Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through complex social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.
By exploiting this vulnerability, an internal or external attacker would be able execute arbitrary remote commands over vulnerable SAP Web Application Servers, taking complete control of the SAP system. With these privileges, he would be able to obtain, create, modify and/or delete any business related information stored in the vulnerable SAP system.