One year of SAP vulnerabilities

CERT-DVT Sécurité SAP

Version Française [x_custom_headline type=”left” level=”h4″ looks_like=”h4″]Quick review[/x_custom_headline] This 13 December was the last ‘SAP Security Tuesday patch’ of the year. Now it is possible to make some reviews and comments …

SAP with Oracle – Authentication problem

CERT-DVT Sécurité SAP

Version Française [x_custom_headline type=”left” level=”h4″ looks_like=”h4″]Introduction[/x_custom_headline] In SAP version prior SAP Netweaver 7.40, for communication between Oracle and SAP purpose, the Oracle database is installed with the remote_os_authent parameter enable. …

SAP HANA : Pentest through TREXNet

CERT-DVT Sécurité SAP

Version Française [x_custom_headline type=”none” level=”h4″ looks_like=”h4″]Introduction[/x_custom_headline] In 2016 an important security vulnerability was corrected on the new SAP platform : SAP HANA. An anonymous ‘Remote command Execution’ was possible. The …