SAP (http://www.sap.com/) has released the monthly critical patch update
for August 2015
(http://scn.sap.com/community/security/blog/2015/08/11/sap-security-patch-day-summary--august-2015).
This patch update closes 22 vulnerabilities in SAP products; 15 have high
priority, and some of them belong to the
Application: SAP Afaria 7
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: Buffer Overflow
Sent: 13.03.2015
Reported: 14.03.2015
Vendor response: 14.03.2015
Date of Public Advisory: 18.05.2015
Reference: SAP Security Note 2153690
Author:
1. ADVISORY INFORMATION
Title: Oracle E-Business Suite - Database user enumeration
Advisory ID: [ERPSCAN-15-025]
Advisory URL:
http://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle
2.
1. ADVISORY INFORMATION
Title: Oracle E-Business Suite XXE injection
Advisory ID: [ERPSCAN-15-030]
Advisory URL:
http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle
2. VULNERABILITY INFORMATION
1. ADVISORY INFORMATION
Title: Oracle E-Business Suite - XXE injection
Advisory ID: [ERPSCAN-15-029]
Advisory URL:
http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/
Date published: 21.10.2015
Vendors contacted: Oracle
2. VULNERABILITY INFORMATION
ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS
service - Unauthorized Access
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS JAVA, probably others
Vendor URL: http://SAP.com
Bugs: Unauthorized access
Sent: 20.04.2013
Reported: 21.04.2013
Vendor response:
ERPSCAN Research Advisory [ERPSCAN-15-015] SAP NetWeaver AS ABAP –
Hardcoded Credentials
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS ABAP, probably others
Vendor URL: http://SAP.com
Bugs: Hardcoded credentials
Sent: 06.03.2014
Reported: 07.03.2014
Vendor response:
ERPSCAN Research Advisory [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE
in Add Repository
Application: SAP Mobile Platform
Versions Affected: SAP Mobile Platform 3, probably others
Vendor URL: http://SAP.com
Bugs: XML External Entity
Sent: 13.03.2015
Reported: 14.03.2015
Vendor response:
ERPSCAN Research Advisory [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS ABAP, probably others
Vendor URL: http://SAP.com
Bugs: Hardcoded credentials
Sent: 06.03.2014
Reported: 07.03.2014
Vendor
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Sent: 13.07.2015
Reported: 13.07.2015
Vendor response:
Application: SAP Afaria
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: Stored XSS
Sent: 18.02.2015
Reported: 18.02.2015
Vendor response: 18.02.2015
Date of Public Advisory: 11.08.2015
Reference: SAP Security Note 2152669
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5
Vendor URL: http://SAP.com
Bug: information disclosure
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 08.03.2016
Reference: SAP Security Note 2255990
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5
Vendor URL: http://SAP.com
Bugs: XSS
Sent: 29.09.2015
Reported: 30.09.2015
Vendor response: 30.09.2015
Date of Public Advisory: 08.03.2016
Reference: SAP Security Note 2238765
Author: Vahagn Vardanyan
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5
Vendor URL: http://SAP.com
Bug: Directory traversal
Sent: 29.09.2015
Reported: 29.09.2015
Vendor response: 30.09.2015
Date of Public Advisory: 08.03.2016
Reference: SAP Security Note 2234971
Author:
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5
Vendor URL: http://SAP.com
Bug: XSS
Sent: 20.10.2015
Reported: 21.10.2015
Vendor response: 21.10.2015
Date of Public Advisory: 08.03.2016
Reference: SAP Security Note 2238375
Author: Vahagn
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5
Vendor URL: http://SAP.com
Bug: XXE
Sent: 20.10.2015
Reported: 21.10.2015
Vendor response: 21.10.2015
Date of Public Advisory: 08.03.2016
Reference: SAP Security Note 2235994
Author: Vahagn Vardanyan
[ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption
Application: SAP HANA
Versions Affected: SAP HANA 1.00.095
Vendor URL: http://SAP.com
Bugs: Memory corruption, RCE
Reported: 17.07.2015
Application: SAP MII
Versions Affected: SAP MII 12.2, 14.0, 15.0
Vendor URL: http://SAP.com
Bugs: Authentication bypass
Sent: 05.09.2015
Reported: 05.09.2015
Vendor response: 06.09.2015
Date of
Application: SAP HANA
Versions Affected: SAP HANA
Vendor URL: http://SAP.com
Bugs: DoS
Sent: 28.09.2015
Reported: 28.09.2015
Vendor response: 29.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2241978
Author: Mathieu Geli (ERPScan)
Description
1. ADVISORY
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Sent: 01.09.2015
Reported: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2234918
Author: Vahagn Vardanyan
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5
Vendor URL: http://SAP.com
Bugs: SQL injection
Sent: 04.12.2015
Reported: 04.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 09.02.2016
Reference: SAP Security Note 2101079
Application: SAP xMII
Versions Affected: SAP MII 15.0
Vendor URL: http://SAP.com
Bugs: Directory traversal
Sent: 29.07.2015
Reported: 29.07.2015
Vendor response: 30.07.2015
Date of Public Advisory: 09.02.2016
Reference: SAP Security Note 2230978
Author: Dmitry Chastuhin (ERPScan)
Application: SAP HANA
Versions Affected: SAP HANA
Vendor URL: http://SAP.com
Bugs: Log injection
Sent: 28.09.2015
Reported: 28.09.2015
Vendor response: 29.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2241978
Author: Mathieu Geli (ERPScan)
Description
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Sent: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2206793
Author: Vahagn Vardanyan (ERPScan)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: cryptographic issues
Sent: 01.09.2015
Reported: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2191290
Author: Vahagn
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.4
Vendor URL: http://SAP.com
Bug: XXE
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 12.04.2016
Reference: SAP Security Note 2254389
Author: Vahagn Vardanyan
Application: SAP xMII
Versions Affected: SAP xMII 15
Vendor URL: http://SAP.com
Bugs: XSS
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 12.04.2016
Reference: SAP Security Note 2201295
Author: Nursultan Abubakirov (ERPScan), Vahagn Vardanyan
Application: Java SE
Vendor: Oracle
Bug: DoS
Reported: 23.12.2016
Vendor response: 24.12.2016
Date of Public Advisory: 17.01.2017
Reference: Oracle CPU Jan 2017
Author: Roman Shalymov
1. ADVISORY INFORMATION
Title: Oracle OpenJDK - Java Serialization DoS
Advisory ID: [ERPSCAN-17-006]
Application: Oracle PeopleSoft
Vendor: Oracle
Bugs: XSS
Reported: 31.10.2016
Vendor response: 1.11.2016
Date of Public Advisory: 17.01.2017
Reference: Oracle CPU Jan 2017
Authors: Vahagn Vardanyan, Dmitry Yudin
1. ADVISORY INFORMATION
Title: Oracle PeopleSoft – XSS vulnerability
Application: SAP ASE
Versions Affected: SAP ASE ODATA Server v16
Vendor URL: http://SAP.com
Bugs: Denial of Service
Sent: 01.02.2016
Reported: 02.02.2016
Vendor response: 02.02.2016
Date of Public Advisory: 12.10.2016
Reference: SAP Security Note 2330422
Author: Vahagn @vah_13 Vardanyan
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.11-7.4
Vendor URL: http://SAP.com
Bugs: Information disclosure
Sent: 10.03.2016
Reported: 11.03.2016
Vendor response: 11.03.2016
Date of Public Advisory: 12.10.2016
Reference: SAP Security Note 2331908
Author:
Application: SAP Adaptive Server Enterprise
Versions Affected: SAP Adaptive Server Enterprise 16
Vendor URL: http://SAP.com
Bugs: Denial of Service
Sent: 01.02.2016
Reported: 02.02.2016
Vendor response: 02.02.2016
Date of Public Advisory: 12.07.2016
Reference: SAP Security Note
Application: SAP NetWeaver KERNEL
Versions Affected: SAP NetWeaver KERNEL 7.0-7.5
Vendor URL: http://SAP.com
Bugs: Denial of Service
Sent: 09.03.2016
Reported: 10.03.2016
Vendor response: 10.03.2016
Date of Public Advisory: 12.07.2016
Reference: SAP Security Note 2295238
Author:
Application: SAP EP-RUNTIME component
Versions Affected: SAP EP-RUNTIME 7.5
Vendor URL: http://SAP.com
Bugs: Denial of Service
Sent: 22.04.2016
Reported: 23.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 12.07.2016
Reference: SAP Security Note 2315788
Author: Mathieu Geli
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.4
Vendor URL: http://SAP.com
Bug: Denial of Service
Sent: 22.04.2016
Reported: 23.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2313835
Author: Vahagn
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.4
Vendor URL: http://SAP.com
Bug: XXE
Sent: 09.03.2016
Reported: 10.03.2016
Vendor response: 10.03.2016
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2296909
Author: Vahagn Vardanyan
Application: SAP NetWeaver AS ABAP
Versions Affected: SAP NetWeaver AS ABAP 7.4
Vendor URL: http://SAP.com
Bugs: Directory traversal
Sent: 22.04.2016
Reported: 23.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2312966
Author: Daria
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.1 to 7.5
Vendor URL: http://SAP.com
Bugs: Directory traversal
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2280371
Author:
Application: SAP Solman
Versions Affected: SAP Solman 7.1-7.31
Vendor URL: http://SAP.com
Bugs: Information Disclosure
Sent: 12.07.2016
Reported: 13.07.2016
Vendor response: 13.07.2016
Date of Public Advisory: 13.09.2016
Reference: SAP Security Note 2344524
Author: Roman Bezhan (ERPScan)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component
Vendor URL: http://SAP.com
Bugs: Directory traversal
Reported: 04.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 13.12.2016
Reference: SAP Security Note 2310790
Author: Mathieu Geli (ERPScan)
Application: Oracle PeopleSoft
Versions Affected: PeopleSoft HCM 9.2 on PeopleTools 8.55
Vendor URL: http://oracle.com
Bug: XXE
Reported: 23.12.2016
Vendor response: 24.12.2016
Date of Public Advisory: 18.04.2017
Reference: Oracle CPU April 2017
Author: Nadya Krivdyuk (ERPScan)
Description
1.
Application: Oracle PeopleSoft
Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55;
PeopleSoft HCM 9.2
Vendor URL: http://oracle.com
Bugs: SSRF
Reported: 23.12.2016
Vendor response: 24.12.2016
Date of Public Advisory: 18.04.2017
Reference: Oracle CPU April 2017
Author: Roman Shalymov
1. ADVISORY INFORMATION
Title: Directory Traversal vulnerability in Integration Gateway (PSIGW)
Advisory ID: [ERPSCAN-17-038]
Advisory URL:
https://erpscan.com/advisories/erpscan-17-038-directory-traversal-vulnerability-integration-gateway-psigw/
Risk: High
Date published: 18.07.2017
Vendor