Category Archives: Full Disclosure

Onapsis Security Advisory ONAPSIS-2016-040: SAP HANA potential wrong encryption

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-040: SAP HANA potential wrong encryption

1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could access arbitrary business information from the SAP system.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-040
– Onapsis SVS ID:…

Onapsis Security Advisory ONAPSIS-2016-037: SAP HANA Potential Remote Code Execution

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-037: SAP HANA Potential Remote
Code Execution

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
access and modify any information indexed by the SAP system.

Risk Level: High

2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-037
– Onapsis SVS ID:…

Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
access and modify any information indexed by the SAP system.

Risk Level: Critical

2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-034
– Onapsis SVS ID:…

Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information Disclosure in NameServer

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information
Disclosure in NameServer

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could discover
information relating to servers. This information could be used to
allow the attacker to specialize their attacks.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
-…

Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure

1. Impact on Business
=====================
By exploiting this vulnerability a remote unauthenticated attacker
could obtain valid usernames that could be helpful to support more
complex attacks.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-027
-…

Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute force attack

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute
force attack

1. Impact on Business
=====================
By exploiting this vulnerability a remote unauthenticated attacker
could get high privileges on the HANA system with unrestricted
access to any business information.

Risk Level: Critical

2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory…

Onapsis Security Advisory ONAPSIS-2016-024: SAP HANA arbitrary audit injection via HTTP requests

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-024: SAP HANA arbitrary audit
injection via HTTP requests

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could tamper with the audit
logs, hiding his trail after an attack on a HANA system.

Risk Level: High

2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-024
– Onapsis…

Onapsis Security Advisory ONAPSIS-2016-025: SAP HANA arbitrary audit injection via SQL protocol

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-025: SAP HANA arbitrary audit
injection via SQL protocol

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could tamper with the audit
logs, hiding his trail after an attack on a HANA system.

Risk Level: High

2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-025
– Onapsis SVS…

Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
modify any information indexed by the SAP system.

Risk Level: High

2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-022
– Onapsis SVS ID: ONAPSIS-00180
– CVE:…

Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read

1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could access arbitrary business information from the SAP system.

Risk Level: High

2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-021
– Onapsis SVS ID: ONAPSIS-00179
-…