[FD] [Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery

2015-08-12 Thread Onapsis Research Labs
nerability information to SAP AG. * 11/08/2014: SAP AG confirms having received the information. * 04/08/2015: SAP AG releases SAP security note fixing the vulnerability * 08/12/2015: Security Advisory is released. About Onapsis Research Labs - ------- Onapsis Research Lab

[FD] [Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage

2015-08-12 Thread Onapsis Research Labs
14: SAP AG confirms having received the information. * 04/08/2015: SAP AG releases SAP security note 2094830 fixing the vulnerability * 08/12/2015: Security Advisory is released. About Onapsis Research Labs - ------- Onapsis Research Labs provides the industry analysis of ke

[FD] [Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values

2015-08-12 Thread Onapsis Research Labs
te 2094830 fixing the vulnerability * 08/12/2015: Security Advisory is released. About Onapsis Research Labs - ------- Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent

[FD] [Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement

2015-05-27 Thread Onapsis Research Labs
information about the vulnerability. 2015-01-13: SAP AG publishes security note 2109565 which fixes the problem. 2015-05-27: Onapsis publishes security advisory. About Onapsis Research Labs === Onapsis Research Labs provides the industry analysis of key security issues that

[FD] [Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability

2015-05-27 Thread Onapsis Research Labs
. Organizations depend on Onapsis because of our ability to provide reliable expertise and solutions for securing business essentials About Onapsis Research Labs === Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical

[FD] [Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA

2015-02-25 Thread Onapsis Research Labs
ation to SAP AG. 2014-02-17: SAP confirms having the information of vulnerability. 2014-10-14: SAP releases security patches. 2015-02-25: Onapsis releases security advisory. About Onapsis Research Labs === Onapsis Research Labs provides the industry analysis of key sec

[FD] [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA

2015-02-25 Thread Onapsis Research Labs
: SAP releases security patches. 2015-02-25: Onapsis releases security advisory. About Onapsis Research Labs === Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely

[FD] [Onapsis Security Advisory 2015-003] SAP Business Objects Unauthorized File Repository Server Write via CORBA

2015-02-25 Thread Onapsis Research Labs
. 2015-02-25: Onapsis releases security advisory. About Onapsis Research Labs === Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance

[FD] [Onapsis Security Advisory 2015-002] SAP Business Objects Unauthorized File Repository Server Read via CORBA

2015-02-25 Thread Onapsis Research Labs
y. About Onapsis Research Labs ======= Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Res

[FD] [Onapsis Security Advisory 2015-001] Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench

2015-02-25 Thread Onapsis Research Labs
ility information to SAP AG. 2014-02-26: SAP confirms having the information of vulnerability. 2014-10-14: SAP releases security patches. 2015-02-25: Onapsis releases security advisory. About Onapsis Research Labs === Onapsis Research Labs provides the industry analysis of key sec

[FD] [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA

2014-12-16 Thread Onapsis Research Labs
, assigning a CVSS score of 6.0. 2014-12-16: Onapsis notifies availability of security advisory. About Onapsis Research Labs === Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent

[FD] [Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting

2014-10-08 Thread Onapsis Research Labs
2014-01-16: Onapsis provides vulnerability information to SAP AG. 2014-01-17: SAP confirms having the information of vulnerability. 2014-06-10: SAP releases security patches. 2014-10-08: Onapsis notifies availability of security advisory. About Onapsis Research Labs ======

[FD] [Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure

2014-10-08 Thread Onapsis Research Labs
vulnerability information to SAP AG. 2013-08-30: SAP confirms having the information of vulnerability. 2014-06-10: SAP releases security patches. 2014-10-08: Onapsis notifies availability of security advisory. About Onapsis Research Labs === Onapsis Research Labs

[FD] [Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA

2014-10-08 Thread Onapsis Research Labs
vulnerability. 2014-06-10: SAP releases security patches. 2014-10-08: Onapsis notifies availability of security advisory. About Onapsis Research Labs === Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications

[FD] [Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA

2014-10-08 Thread Onapsis Research Labs
Labs === Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth

[FD] [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check

2014-10-08 Thread Onapsis Research Labs
ormation to SAP AG. 2014-01-21: SAP confirms having the information of vulnerability. 2014-06-10: SAP releases security patches. 2014-10-08: Onapsis notifies availability of security advisory. About Onapsis Research Labs ======= Onapsis Research Labs provides the industry

[FD] [Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities

2014-10-08 Thread Onapsis Research Labs
g the information of vulnerability. 2014-05-13: SAP releases security patches. 2014-10-08: Onapsis notifies availability of security advisory. About Onapsis Research Labs === Onapsis Research Labs provides the industry analysis of key security issues that impact bus

[FD] [Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection

2014-10-08 Thread Onapsis Research Labs
notifies availability of security advisory. About Onapsis Research Labs === Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories

[FD] [Onapsis Security Advisory 2014-026] Missing authorization check in function modules of BW-SYS-DB-DB4

2014-07-29 Thread Onapsis Research Labs
gain access to beforehand information on upcoming advisories, presentations and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences. 1. Impact on Business By exploiting this vulnerability a remote

[FD] [Onapsis Security Advisory 2014-025] Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool

2014-07-29 Thread Onapsis Research Labs
Center, you will gain access to beforehand information on upcoming advisories, presentations and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences. 1. Impact on Business The SAP HANA XS

[FD] [Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service

2014-07-29 Thread Onapsis Research Labs
to beforehand information on upcoming advisories, presentations and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences. 1. Impact on Business SAP FI Manager Self-Service contains a hard-coded

[FD] [Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS

2014-07-29 Thread Onapsis Research Labs
information on upcoming advisories, presentations and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences. 1. Impact on Business By exploiting this vulnerability a remote unauthenticated

[FD] [Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass

2014-07-29 Thread Onapsis Research Labs
information on upcoming advisories, presentations and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences. 1. Impact on Business SAP HANA IU5 SDK Application does not enforce any authentication

[FD] [Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication

2014-07-29 Thread Onapsis Research Labs
access to beforehand information on upcoming advisories, presentations and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences. 1. Impact on Business SAP HANA XS does not enforce any encryption in the form

[FD] [Onapsis Security Advisory 2014-020] SAP SLD Information Tampering

2014-06-06 Thread Onapsis Research Labs
m. Onapsis is backed by the Onapsis Research Labs, a world-renowned team of SAP & ERP security experts who are continuously invited to lecture at the leading IT security conferences, such as RSA and BlackHat, and featured by mainstream media such as CNN, Reuters, IDG and New York Times. For further

[FD] [Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components

2014-06-06 Thread Onapsis Research Labs
Onapsis Security Advisories: Multiple Hard-coded Usernames (CWE-798) have been found and patched in a variety of SAP components. Summaries of the advisories with links to full versions follow: 1. ONAPSIS-2014-011-SAP Project System Structures and Proje

[FD] [Onapsis Security Advisory 2014-010] SAP BusinessObjects InfoView Reflected Cross Site Scripting

2014-04-28 Thread Onapsis Research Labs
access to beforehand information on upcoming advisories, presentations and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences. 1. Impact on Business By exploiting this vulnerability a remote

[FD] [Onapsis Security Advisory 2014-009] SAP BASIS Missing Authorization Check

2014-04-28 Thread Onapsis Research Labs
information on upcoming advisories, presentations and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences. 1. Impact on Business By exploiting this vulnerability an authenticated attacker will be able to

[FD] [Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure

2014-04-28 Thread Onapsis Research Labs
beforehand information on upcoming advisories, presentations and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences. 1. Impact on Business By exploiting this vulnerability a remote unauthenticated attacker would

[FD] [Onapsis Security Advisory 2014-007] Missing authorization check in SAP Profile Maintenance

2014-04-28 Thread Onapsis Research Labs
to beforehand information on upcoming advisories, presentations and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences. 1. Impact on Business By exploiting this vulnerability a remote authenticated attacker

[FD] [Onapsis Security Advisory 2014-006] Missing authorization check in SAP Background Processing RFC

2014-04-28 Thread Onapsis Research Labs
gain access to beforehand information on upcoming advisories, presentations and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences. 1. Impact on Business By exploiting this vulnerability a remote

[FD] [Onapsis Security Advisory 2014-005] Information disclosure in SAP Software Lifecycle Manager

2014-04-28 Thread Onapsis Research Labs
to beforehand information on upcoming advisories, presentations and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences. 1. Impact on Business By exploiting this vulnerability a remote unauthenticated