Accessibility Statement Skip Navigation
  • Why PRWeb
  • How It Works
  • Who Uses It
  • Pricing
  • Login
  • GDPR
  • Create a Free Account
Return to PRWeb homepage
  • News
  • Resources
  • Contact
When typing in this field, a list of search results will appear and be automatically updated as you type.

Searching for your content...

No results found. Please change your search terms and try again.
  • News in Focus
      • Browse News Releases

      • All News Releases
      • Multimedia Gallery

      • All Multimedia
      • All Photos
      • All Videos
  • Business & Money
      • Auto & Transportation

      • Aerospace, Defense
      • Air Freight
      • Airlines & Aviation
      • Automotive
      • Maritime & Shipbuilding
      • Railroads and Intermodal Transportation
      • Supply Chain/Logistics
      • Transportation, Trucking & Railroad
      • Travel
      • Trucking and Road Transportation
      • View All Auto & Transportation

      • Business Technology

      • Blockchain
      • Broadcast Tech
      • Computer & Electronics
      • Computer Hardware
      • Computer Software
      • Data Analytics
      • Electronic Commerce
      • Electronic Components
      • Electronic Design Automation
      • Financial Technology
      • High Tech Security
      • Internet Technology
      • Nanotechnology
      • Networks
      • Peripherals
      • Semiconductors
      • View All Business Technology

      • Entertain­ment & Media

      • Advertising
      • Art
      • Books
      • Entertainment
      • Film and Motion Picture
      • Magazines
      • Music
      • Publishing & Information Services
      • Radio & Podcast
      • Television
      • View All Entertain­ment & Media

      • Financial Services & Investing

      • Accounting News & Issues
      • Acquisitions, Mergers and Takeovers
      • Banking & Financial Services
      • Bankruptcy
      • Bond & Stock Ratings
      • Conference Call Announcements
      • Contracts
      • Cryptocurrency
      • Dividends
      • Earnings
      • Earnings Forecasts & Projections
      • Financing Agreements
      • Insurance
      • Investments Opinions
      • Joint Ventures
      • Mutual Funds
      • Private Placement
      • Real Estate
      • Restructuring & Recapitalization
      • Sales Reports
      • Shareholder Activism
      • Shareholder Meetings
      • Stock Offering
      • Stock Split
      • Venture Capital
      • View All Financial Services & Investing

      • General Business

      • Awards
      • Commercial Real Estate
      • Corporate Expansion
      • Earnings
      • Environmental, Social and Governance (ESG)
      • Human Resource & Workforce Management
      • Licensing
      • New Products & Services
      • Obituaries
      • Outsourcing Businesses
      • Overseas Real Estate (non-US)
      • Personnel Announcements
      • Real Estate Transactions
      • Residential Real Estate
      • Small Business Services
      • Socially Responsible Investing
      • Surveys, Polls and Research
      • Trade Show News
      • View All General Business

  • Science & Tech
      • Consumer Technology

      • Artificial Intelligence
      • Blockchain
      • Cloud Computing/Internet of Things
      • Computer Electronics
      • Computer Hardware
      • Computer Software
      • Consumer Electronics
      • Cryptocurrency
      • Data Analytics
      • Electronic Commerce
      • Electronic Gaming
      • Financial Technology
      • Mobile Entertainment
      • Multimedia & Internet
      • Peripherals
      • Social Media
      • STEM (Science, Tech, Engineering, Math)
      • Supply Chain/Logistics
      • Wireless Communications
      • View All Consumer Technology

      • Energy & Natural Resources

      • Alternative Energies
      • Chemical
      • Electrical Utilities
      • Gas
      • General Manufacturing
      • Mining
      • Mining & Metals
      • Oil & Energy
      • Oil and Gas Discoveries
      • Utilities
      • Water Utilities
      • View All Energy & Natural Resources

      • Environ­ment

      • Conservation & Recycling
      • Environmental Issues
      • Environmental Policy
      • Environmental Products & Services
      • Green Technology
      • Natural Disasters
      • View All Environ­ment

      • Heavy Industry & Manufacturing

      • Aerospace & Defense
      • Agriculture
      • Chemical
      • Construction & Building
      • General Manufacturing
      • HVAC (Heating, Ventilation and Air-Conditioning)
      • Machinery
      • Machine Tools, Metalworking and Metallurgy
      • Mining
      • Mining & Metals
      • Paper, Forest Products & Containers
      • Precious Metals
      • Textiles
      • Tobacco
      • View All Heavy Industry & Manufacturing

      • Telecomm­unications

      • Carriers and Services
      • Mobile Entertainment
      • Networks
      • Peripherals
      • Telecommunications Equipment
      • Telecommunications Industry
      • VoIP (Voice over Internet Protocol)
      • Wireless Communications
      • View All Telecomm­unications

  • Lifestyle & Health
      • Consumer Products & Retail

      • Animals & Pets
      • Beers, Wines and Spirits
      • Beverages
      • Bridal Services
      • Cannabis
      • Cosmetics and Personal Care
      • Fashion
      • Food & Beverages
      • Furniture and Furnishings
      • Home Improvement
      • Household, Consumer & Cosmetics
      • Household Products
      • Jewelry
      • Non-Alcoholic Beverages
      • Office Products
      • Organic Food
      • Product Recalls
      • Restaurants
      • Retail
      • Supermarkets
      • Toys
      • View All Consumer Products & Retail

      • Entertain­ment & Media

      • Advertising
      • Art
      • Books
      • Entertainment
      • Film and Motion Picture
      • Magazines
      • Music
      • Publishing & Information Services
      • Radio & Podcast
      • Television
      • View All Entertain­ment & Media

      • Health

      • Biometrics
      • Biotechnology
      • Clinical Trials & Medical Discoveries
      • Dentistry
      • FDA Approval
      • Fitness/Wellness
      • Health Care & Hospitals
      • Health Insurance
      • Infection Control
      • International Medical Approval
      • Medical Equipment
      • Medical Pharmaceuticals
      • Mental Health
      • Pharmaceuticals
      • Supplementary Medicine
      • View All Health

      • Sports

      • General Sports
      • Outdoors, Camping & Hiking
      • Sporting Events
      • Sports Equipment & Accessories
      • View All Sports

      • Travel

      • Amusement Parks and Tourist Attractions
      • Gambling & Casinos
      • Hotels and Resorts
      • Leisure & Tourism
      • Outdoors, Camping & Hiking
      • Passenger Aviation
      • Travel Industry
      • View All Travel

  • Policy & Public Interest
      • Policy & Public Interest

      • Advocacy Group Opinion
      • Animal Welfare
      • Congressional & Presidential Campaigns
      • Corporate Social Responsibility
      • Domestic Policy
      • Economic News, Trends, Analysis
      • Education
      • Environmental
      • European Government
      • FDA Approval
      • Federal and State Legislation
      • Federal Executive Branch & Agency
      • Foreign Policy & International Affairs
      • Homeland Security
      • Labor & Union
      • Legal Issues
      • Natural Disasters
      • Not For Profit
      • Patent Law
      • Public Safety
      • Trade Policy
      • U.S. State Policy
      • View All Policy & Public Interest

  • People & Culture
      • People & Culture

      • Aboriginal, First Nations & Native American
      • African American
      • Asian American
      • Children
      • Diversity, Equity & Inclusion
      • Hispanic
      • Lesbian, Gay & Bisexual
      • Men's Interest
      • People with Disabilities
      • Religion
      • Senior Citizens
      • Veterans
      • Women
      • View All People & Culture

  • Hamburger menu
  • Cision PRWeb provides efficient communication tools to continuously engage with target audiences across multiple online channels
  • Create a Free Account
    • ALL CONTACT INFO
    • Contact Us


      11AM ET Sunday – 8PM ET Friday

  • Send a Release
  • Sign up
  • Log in
  • Resources
  • RSS
  • GDPR
  • News in Focus
    • Browse All News
    • Multimedia Gallery
  • Business & Money
    • Auto & Transportation
    • Business Technology
    • Entertain­ment & Media
    • Financial Services & Investing
    • General Business
  • Science & Tech
    • Consumer Technology
    • Energy & Natural Resources
    • Environ­ment
    • Heavy Industry & Manufacturing
    • Telecomm­unications
  • Lifestyle & Health
    • Consumer Products & Retail
    • Entertain­ment & Media
    • Health
    • Sports
    • Travel
  • Policy & Public Interest
  • People & Culture
    • People & Culture
  • Send a Release
  • Sign up
  • Log in
  • Resources
  • RSS
  • GDPR
  • Send a Release
  • Sign up
  • Log in
  • Resources
  • RSS
  • GDPR
  • Send a Release
  • Sign up
  • Log in
  • Resources
  • RSS
  • GDPR

Onapsis Issues 20 Advisories Affecting SAP and Oracle Business Critical Applications
  • USA - English


News provided by

Kesselring Communications

Sep 21, 2016, 13:25 ET

Share this article

Share toX

Share this article

Share toX

Onapsis
Onapsis

Boston, MA (PRWEB) September 21, 2016 -- Onapsis, the global experts in business-critical application security, today released new security advisories detailing vulnerabilities in SAP and Oracle business applications. Included in the advisories are seven “critical risk” vulnerabilities for SAP NetWeaver that could allow an attacker to take full control of an SAP system. The advisories also detail cross-site scripting (XSS) attacks affecting Oracle E-Business Suite which could allow an attacker to steal sensitive business information.

The advisories are released by the Onapsis Research Labs, a team of security experts who combine in-depth knowledge and experience to deliver technical analysis with business-context, and provide sound security guidance to the market.

Post this

“SAP NetWeaver is the technical integration platform on top of which enterprise and business solutions are developed and run. Vulnerabilities at this level are of extreme criticality as, if they are exploited, an attacker would not only be able to access commands at the operating system layer but could also modify and take full control over all information residing within the SAP system,” said Sebastian Bortnik, Head of Research, Onapsis.

SAP is run by over 250,000 customers worldwide, including 87 percent of Global 2000 companies. Depending on an organization’s use of these platforms, “critical risk” vulnerabilities could be used by cyber attackers to gain access to mission-critical information including customer data, product pricing, financial statements, employee information, supply chains, business intelligence, budgeting, planning and forecasting.

Critical Risk vulnerabilities affecting SAP include:
• SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP
• SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV
• SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG
• SAP OS Command Injection in PREPARE_CHECK_CAPACITY
• SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT
• SAP OS Command Injection in SCTC_REORG_SPOOL
• SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC

As a core business application, Oracle E-Business Suite manages critical information such as Financial, Human Resources and Customer data, Project Portfolio Management, Procurement, and Supply Chain Management. Oracle's JD Edwards EnterpriseOne is an integrated applications suite of comprehensive enterprise resource planning software that combines business value, standards-based technology, and deep industry experience into a business solution with a low total cost of ownership.

“Cross-site scripting vulnerabilities allow attackers to inject client-side scripts into webpages viewed by other users. These vulnerabilities are important because attackers could bypass access controls and gain full access to the system," said Matias Mevied, Senior Security Researcher, Onapsis.

Cross-site scripting vulnerabilities affecting Oracle E-Business Suite include:

• CVE-2016-3536: This CVE contains two XSS vulnerabilities affecting Oracle Marketing
• CVE-2016-3535: The component involved is Oracle CRM Technical Foundation with the sub component Remote Launch
• CVE-2016-3534: This CVE relates to Open Redirect Attacks
• CVE-2016-3533: This CVE contains three vulnerabilities related to the Oracle component of Knowledge Management
• CVE-2016-3532: There are seven vulnerabilities within this CVE that relate to XSS attacks; while they pertain to the same component they have different parameters that are not sanitized
• CVE-2016-0533: This CVE relates to XSS attacks affecting the Oracle CRM Technical Foundation with the sub component Wireless Framework

The advisories are released by the Onapsis Research Labs, a team of security experts who combine in-depth knowledge and experience to deliver technical analysis with business-context, and provide sound security guidance to the market. The team has reported more than 300 SAP and Oracle vulnerabilities, and has released over 150 advisories to date. Each advisory details the business-context relevance of an identified vulnerability, including impact on a business, a description of the affected components, and steps to resolution such as patch download links and recommended security fixes.

The advisories are publicly available at: onapsis.com/research/security-advisories.

For more details on cross-site scripting vulnerabilities please visit: onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016.

About Onapsis Research Labs™
SAP and Oracle Security Threat Intelligence is produced by Onapsis Research Labs, a team of leading security experts who combine in-depth knowledge and experience to deliver technical analysis with business context, and provide sound security judgment to the market. The team works closely with SAP and Oracle product security teams to responsibly deliver the information to customers and has released over 150 advisories to date, with over 35 affecting SAP HANA; has consulted on impact with over 180 Onapsis enterprise customers; and regularly presents at leading security and SAP conferences around the world. Onapsis was the first to deliver “SAP Security In-Depth” publications that provide detailed analysis on security risks impacting SAP and SAP HANA.

About Onapsis
Onapsis provides the most comprehensive solutions for securing SAP and Oracle enterprise applications. As the leading experts in SAP and Oracle cyber-security, Onapsis’ patented solutions enable security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps affecting their enterprise applications.

Headquartered in Boston, MA, Onapsis serves over 200 customers including many of the Global 2000. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, Deloitte, E&Y, IBM, KPMG and PwC.

Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms.

Onapsis has been issued U.S. Patent No. 9,009,837 entitled “Automated Security Assessment of Business-Critical Systems and Applications,” which describes certain algorithms and capabilities behind the technology powering the Onapsis Security Platform™ and Onapsis X1™ software platforms. This patented technology is recognized industry wide and has gained Onapsis the recognition as a 2015 SINET 16 Innovator.

For more information, please visit http://www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn.

Onapsis and Onapsis Research Labs are registered trademarks of Onapsis, Inc. All other company or product names may be the registered trademarks of their respective owners.

Leslie Kesselring, Kesselring Communications, +1 503-358-1012, [email protected]

Modal title

Contact PRWeb

  • 11AM ET Sunday – 8PM ET Friday
  • Contact Us

About PRWeb

  • About PRWeb
  • Partners
  • Partnership Programs
  • Editorial Guidelines
  • Resources

Why PRWeb

  • Why PRWeb
  • How It Works
  • Who Uses It
  • Pricing

Accounts

  • Create a Free Account
  • Log in
  • Contact Us

Do not sell or share my personal information:

  • Submit via [email protected] 
  • Call Privacy toll-free: 877-297-8921

Contact Cision

Products

About

My Services
  • All News Releases
  • Online Member Center
  • ProfNet
Cision Distribution Helpline
888-776-0942
  • Legal
  • Site Map
  • RSS
  • Cookie Settings
Copyright © 2025 Cision US Inc.