Category Archives: Full Disclosure

Full Disclosure

[Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure

Posted by Onapsis Research Labs on Oct 08

Onapsis Security Advisory 2014-020: SAP Business Objects Information
Disclosure

1. Impact on Business
=====================

A malicious user can discover information relating to valid users
using a vulnerable Business Objects Enterprise instance. This
information could be used to allow the malicious user to specialize
their attacks against the system.

Risk Level: Medium

2. Advisory Information
=======================

– Public…

[Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA

Posted by Onapsis Research Labs on Oct 08

Onapsis Security Advisory 2014-020: SAP Business Objects Denial of
Service via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would
be able to completely shut down the SAP Business Objects remotely.

Risk Level: High

2. Advisory Information
=======================

– Public Release Date: 2014-10-08

– Subscriber Notification Date: 2014-10-08

– Last Revised:…

[Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA

Posted by Onapsis Research Labs on Oct 08

Onapsis Security Advisory 2014-031: SAP Business Objects Information
Disclosure via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would
be able to obtain information about the system that could be used to
further specialize attacks against the Business Objects platform.

Risk Level: Low

2. Advisory Information
=======================

– Public Release Date:…

[Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check

Posted by Onapsis Research Labs on Oct 08

Onapsis Security Advisory 2014-033: SAP Business Warehouse Missing
Authorization Check

1. Impact on Business
=====================

By exploiting this vulnerability an authenticated attacker will be able
to abuse of functionality that should be restricted and can disclose
technical information without having the right access permissions. This
information could be used to perform further attacks over the platform.

Risk Level: Low…

[Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities

Posted by Onapsis Research Labs on Oct 08

Onapsis Security Advisory 2014-027: SAP HANA Multiple Reflected Cross
Site Scripting Vulnerabilities

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would
be able to attack other users of the system.

Risk Level: Medium

2. Advisory Information
=======================

– Public Release Date: 2014-10-08

– Subscriber Notification Date: 2014-10-08

– Last Revised:…

[Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection

Posted by Onapsis Research Labs on Oct 08

Onapsis Security Advisory 2014-028: SAP HANA Web-based Development
Workbench Code Injection

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would
be able to completely compromise the SAP system and any information
processed and stored in that system.

Risk Level: High

2. Advisory Information
=======================

– Public Release Date: 2014-10-08

– Subscriber…