Category Archives: Full Disclosure

NEW VMSA-2016-0016 – vRealize Operations (vROps) updates address privilege escalation vulnerability

Posted by VMware Security Response Center on Oct 11

—————————————————————————

VMware Security Advisory

Advisory ID: VMSA-2016-0016
Severity: Critical
Synopsis: vRealize Operations (vROps) updates address privilege escalation vulnerability
Issue date: 2016-10-11
Updated on: 2016-10-11 (Initial Advisory)
CVE number: CVE-2016-7457

1. Summary

vRealize Operations (vROps) updates address…

Onapsis Security Advisory ONAPSIS-2016-057: Oracle E-Business Suite Cross Site Scripting (XSS)

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-057: Oracle E-Business Suite Cross Site Scripting (XSS)

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 09/22/2016
– Last Revised: 09/22/2016
– Security Advisory ID:…

Onapsis Security Advisory ONAPSIS-2016-056: Oracle E-Business Suite Cross Site Scripting (XSS)

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-056: Oracle E-Business Suite Cross Site Scripting (XSS)

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 09/22/2016
– Last Revised: 09/22/2016
– Security Advisory ID:…

Onapsis Security Advisory ONAPSIS-2016-055: Oracle E-Business Suite Cross Site Scripting (XSS)

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-055: Oracle E-Business Suite Cross Site Scripting (XSS)

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 09/22/2016
– Last Revised: 09/22/2016
– Security Advisory ID:…

Onapsis Security Advisory ONAPSIS-2016-053: Oracle E-Business Suite Cross Site Scripting (XSS)

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-053: Oracle E-Business Suite Cross Site Scripting (XSS)

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 09/22/2016
– Last Revised: 09/22/2016
– Security Advisory ID:…

Onapsis Security Advisory ONAPSIS-2016-052: Oracle E-Business Suite Cross Site Scripting (XSS)

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-052: Oracle E-Business Suite Cross Site Scripting (XSS)

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 09/22/2016
– Last Revised: 09/22/2016
– Security Advisory ID:…

Onapsis Security Advisory ONAPSIS-2016-051: SAP Business Objects Memory Corruption

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-051: SAP Business Objects Memory Corruption

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could hide audit information logged by the SAP system.

Risk Level: Low

2. Advisory Information
=======================
– Public Release Date: 09/22/2016
– Last Revised: 09/22/2016
– Security Advisory ID: ONAPSIS-2016-051
– Onapsis SVS ID: ONAPSIS-00247
– CVE: CVE-2016-7437
-…

Onapsis Security Advisory ONAPSIS-2016-005: SAP SLDREG memory corruption

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-005: SAP SLDREG memory corruption

1. Impact on Business
=====================
By exploiting this vulnerability, an attacker could potentially abuse technical functions to access and/or
compromise the business information.

Risk Level: Low

2. Advisory Information
=======================
– Public Release Date: 09/22/2016
– Last Revised: 09/22/2016
– Security Advisory ID: ONAPSIS-2016-005
– Onapsis SVS…

Onapsis Security Advisory ONAPSIS-2016-050: SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-050: SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC

1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.

Risk Level: Critical

2. Advisory Information
=======================
– Public Release Date: 09/22/2016
– Last Revised: 09/22/2016
– Security Advisory ID: ONAPSIS-2016-050
– Onapsis SVS ID: ONAPSIS-00252…

Onapsis Security Advisory ONAPSIS-2016-049: SAP OS Command Injection in SCTC_REORG_SPOOL

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-049: SAP OS Command Injection in SCTC_REORG_SPOOL

1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.

Risk Level: Critical

2. Advisory Information
=======================
– Public Release Date: 09/22/2016
– Last Revised: 09/22/2016
– Security Advisory ID: ONAPSIS-2016-049
– Onapsis SVS ID: ONAPSIS-00255
– CVE:…