Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure
1. Impact on Business
=====================
By exploiting this vulnerability a remote unauthenticated attacker
could obtain valid usernames that could be helpful to support more
complex attacks.
Risk Level: Medium
2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-027
-…
Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute
force attack
1. Impact on Business
=====================
By exploiting this vulnerability a remote unauthenticated attacker
could get high privileges on the HANA system with unrestricted
access to any business information.
Risk Level: Critical
2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory…
Onapsis Security Advisory ONAPSIS-2016-024: SAP HANA arbitrary audit
injection via HTTP requests
1. Impact on Business
=====================
By exploiting this vulnerability an attacker could tamper with the audit
logs, hiding their tracks after an attack on a HANA system.
Risk Level: High
2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-024
– Onapsis…
Onapsis Security Advisory ONAPSIS-2016-025: SAP HANA arbitrary audit
injection via SQL protocol
1. Impact on Business
=====================
By exploiting this vulnerability an attacker could tamper with the audit
logs, hiding their tracks after an attack on a HANA system.
Risk Level: High
2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-025
– Onapsis SVS…
Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write
1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
modify any information indexed by the SAP system.
Risk Level: High
2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-022
– Onapsis SVS ID: ONAPSIS-00180
– CVE:…
Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read
1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could access arbitrary business information from the SAP system.
Risk Level: High
2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-021
– Onapsis SVS ID: ONAPSIS-00179
-…
Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal
1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could access arbitrary business information from the SAP system.
Risk Level: High
2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-020
– Onapsis SVS ID:…
Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution
1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
access and modify any information indexed by the SAP system.
Risk Level: Critical
2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-019
– Onapsis SVS ID:…
Onapsis Security Advisory ONAPSIS-2016-007: SAP HANA Password Disclosure
1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker may obtain
clear-text passwords of SAP HANA users and get critical information.
Risk Level: Low
2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-007
– Onapsis SVS ID: ONAPSIS-00186…