Onapsis Security Advisory - A remote unauthenticated attacker might be able to modify technical information about SAP systems potentially leading to a full compromise of all business information due to an SLD information tampering vulnerability.
38205de30d7077e9d7a6e240e956ac54d8c2700272a5830b5e2fc4a702ab4895
Onapsis Security Advisory - SAP BASIS suffers from a missing authorization check. SAP NetWeaver ABAP Application Server is affected.
256bd960fbdebcad59f543091e1b5400cedf42289a770e76797b5c696842db46
Onapsis Security Advisory - It has been detected that some functionality of the affected webdynpro displays all the SAP systems that are registered on the SLD without requiring a username or password. This gives an attacker valuable information for planning a more complex attack against the SAP environment. SAP NetWeaver Java Application Server is affected.
f0232025c98889497fcb0c0b1d72442e16fc22b24d19905bd9ad64c3644c09bb
Onapsis Security Advisory - As the server does not perform a proper security validation on the input parameters, it is possible to inject DHTML code that would be rendered to the user accessing the link in SAP Enterprise Portal.
90263b999fd3713c409e968fef5750efe496d3c670dd404aa00e7175cccf16df
Onapsis Security Advisory - The SDM suffers from a design vulnerability in the way it handles failed user authentication attempts, generating a denial of service condition under certain conditions. This can be abused by a malicious attacker to disrupt this service.
b9fa27961da95e0e64a0970f55bd1166292455bd7ad40a519c24ce582e12a1ec
Onapsis Security Advisory - It has been detected that many of the available methods in the sapstartsrv SOAP server in the SAP Management Console do not require user authentication, allowing remote and unauthenticated users to obtain sensitive information from the SAP system, such as the list of log files and their content, profile parameters, developer traces, etc.
f8e585a8af3d50d4d066bfa69bcef904e8d60df7cef2280ac90d36487128fbe9
Onapsis Security Advisory - A denial of service vulnerability has been discovered in the processing of administration commands by the SAP MC. This functionality allows the restart of the service without providing authentication information.
4ecd09a62c8bf85b0453c91f958d8c715681b0c176803619a09cecc86fceb506