1. https://appdevelopermagazine.com/security
  2. https://appdevelopermagazine.com/onapsis-releases-15-sap-hana-and-sap-trex-critical-security-advisories/
7/22/2016 2:04:00 PM
Onapsis Releases 15 SAP HANA and SAP Trex Critical Security Advisories
SAP HANA,SAP TREX,Security Advisories
/Critical-Security-Advisories-App-Developer-Magazine_tqiwpjsz.jpg
App Developer Magazine

Security

Onapsis Releases 15 SAP HANA and SAP Trex Critical Security Advisories


Friday, July 22, 2016

Richard Harris Richard Harris


The Onapsis Research Lab has issued 15 security advisories detailing critical vulnerabilities in SAP HANA and SAP Trex. These vulnerabilities could be used to gain high privileges allowing unrestricted access to business information, and to modify arbitrary database information. All vulnerabilities outlined in the advisories have been patched by SAP.

The Onapsis Research Lab produces regular SAP security advisories and vulnerability research which provides technical details around these vulnerabilities as well as mitigation information. These most advisories involving SAP HANA and SAP Trex include:

- SAP HANA Arbitrary Audit Injection via HTTP Requests: By exploiting this vulnerability, an attacker could tamper the audit logs, hiding evidence of an attack to a HANA system.

- SAP TREX Remote Directory Traversal: By exploiting this vulnerability, a remote unauthenticated attacker could access arbitrary business information from the SAP system.

- SAP HANA Information Disclosure in EXPORT: By exploiting this vulnerability, an attacker could access business information indexed by the SAP system.

- SAP HANA Potential Wrong Encryption: By exploiting this vulnerability, a remote unauthenticated attacker could access arbitrary business information from the SAP system.

- SAP HANA SYSTEM User Brute Force Attack: By exploiting this vulnerability, a remote unauthenticated attacker could receive high privileges on the HANA system with unrestricted access to any business information.

- SAP TREX Remote File Read: By exploiting this vulnerability, a remote unauthenticated attacker could access arbitrary business information from the SAP system.

- SAP HANA Potential Remote Code Execution: By exploiting this vulnerability, an unauthenticated attacker could access and modify any information indexed by the SAP system.

- SAP HANA Password Disclosure: By exploiting this vulnerability, a remote attacker may obtain clear-text passwords of SAP HANA users and get critical information.

- SAP TREX Remote Command Execution: By exploiting this vulnerability, an unauthenticated attacker could access and modify any information indexed by the SAP system.

- SAP TREX Arbitrary File Write: By exploiting this vulnerability an unauthenticated attacker could modify any information indexed by the SAP system.

- SAP HANA User Information Disclosure: By exploiting this vulnerability, a remote unauthenticated attacker could obtain valid usernames that could be used to support more complex attacks.

- SAP TREX Remote Command Execution: By exploiting this vulnerability, an unauthenticated attacker could access and modify any information indexed by the SAP system.
 
- SAP HANA Arbitrary Audit Injection via SQL Protocol: By exploiting this vulnerability, an attacker could tamper the audit logs, hiding his evidence of an attack to a HANA system.

- SAP TREX TNS Information Disclosure in NameServer: By exploiting this vulnerability, an attacker could discover information relating to servers. This information could be used to allow the attacker to specialize their attacks.

- SAP HANA Get Topology Information Disclosure: By exploiting this vulnerability, a remote unauthenticated attacker could obtain technical information about the SAP HANA Platform that can be used to perform more complex attacks.




Onapsis Releases 15 SAP HANA and SAP Trex Critical Security Advisories




Read more: https://www.onapsis.com/research/security-advisori...




Subscribe to App Developer Magazine

Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.

MEMBERS GET ACCESS TO

  • - Exclusive content from leaders in the industry
  • - Q&A articles from industry leaders
  • - Tips and tricks from the most successful developers weekly
  • - Monthly issues, including all 90+ back-issues since 2012
  • - Event discounts and early-bird signups
  • - Gain insight from top achievers in the app store
  • - Learn what tools to use, what SDK's to use, and more

    Subscribe here



Stay Updated

Sign up for our newsletter for the headlines delivered to you

SuccessFull SignUp

Featured Stories


AI Executive Order aims to balance security and innovation
AI Executive Order aims to balance security and innovation Monday, June 29, 2026




Top manufacturing trends for 2026
Top manufacturing trends for 2026 Tuesday, June 23, 2026


API scoring tool shows if your API is ready for AI
API scoring tool shows if your API is ready for AI Monday, June 22, 2026


Agentic AI Reality Check: The Million-Dollar Mistake Hiding Inside ERP
Agentic AI Reality Check: The Million-Dollar Mistake Hiding Inside ERP Friday, June 19, 2026


Influencer Debate AI Anthropic IPO Reveals Industry Concerns
Influencer Debate AI Anthropic IPO Reveals Industry Concerns Wednesday, June 17, 2026


Subscription apps are losing users faster than ever
Subscription apps are losing users faster than ever Tuesday, June 16, 2026


DomainTools announces real time threat feeds
DomainTools announces real time threat feeds Monday, June 15, 2026


Take It Down Act results in warning letters from FTC
Take It Down Act results in warning letters from FTC Friday, June 12, 2026


Nvidia valuation fears grow
Nvidia valuation fears grow Friday, June 12, 2026


Anthropic launches Claude Design
Anthropic launches Claude Design Wednesday, June 10, 2026


Get More App News