Affiliation/Organization: Onapsis


Time to Patch Stats

For vulnerabilities disclosed through this affiliation where we have sufficient data to calculate the time to patch (23 vulns), the following statistics apply:

Min Time To Patch:23 days
Avg Time To Patch:227 days
Max Time To Patch:484 days

Other Affiliations

Creditees Affiliated with Onapsis have also affiliated with:

Cybsec (1)

Website: http://www.onapsis.com/

Creditees currently or formerly associated with Onapsis (9):
(ordered by association date)

Known SinceNameVulns Through Affiliation
2010-10-12Onapsis Research Labs3
2010-10-13Juan Pablo Perez Etchegoyen18
2011-01-07Jordan Santarsieri11
2011-04-14Mariano Nunez Di Croce5
2013-02-21Juan Perez-Etchegoyen3
2013-03-01Nahuel D. Sánchez7
2013-03-27Juan Pablo Perez-Etchegoyen3
2013-12-10Sergio Abraham13
2014-02-11Pablo Muller1

Disclosed Vulnerabilities (61):

Discl. DateOSVDB IDCVE IDCrediteesTitle
2014-03-11 105808 Sergio Abraham
SAP HANA Extended Application Service (HAN-AS-XS) Former Public Applications Authentication Bypass
2014-03-09 105670 2014-2751 Onapsis Research Labs
SAP Print and Output Management Unspecified Hardcoded Credentials
2014-03-09 105671 2014-2752 Onapsis Research Labs
SAP Business Object Processing Framework (BOPF) for ABAP Unspecified Hardcoded Credentials
2014-02-11 104765 Sergio Abraham
SAP Structures (PS-ST) PS-ST / PS-MAT-PRO Unspecified Hardcoded Credentials
2014-02-11 104768 Sergio Abraham
SAP Brazil (XX-CSC-BR) Unspecified Hardcoded Credentials
2014-02-11 104770 Sergio Abraham
SAP Trader's and Scheduler's Workbench (IS-OIL-DS-TSW) Unspecified Hardcoded Credentials
2014-02-11 104813 Sergio Abraham
SAP Upgrade Tools (BC-UPG-TLS-TLA) SY-UNAME Usage Unspecified Issue
2014-02-11 104852 Sergio Abraham
SAP Transaction Data Pool (IS-B-DP) Unspecified Hardcoded Credentials
2014-02-11 104764 Sergio Abraham
SAP Monitoring (BC-CCM-MON) CCMS Unspecified Hardcoded Credentials
2014-02-11 104766 Sergio Abraham
SAP Capacity Leveling (PP-CRP-LVL) Unspecified Hardcoded Credentials
2014-02-11 104814 Sergio Abraham
SAP Web Services Tool (CA-WUI-WST) Unspecified Hardcoded Credentials
2014-02-11 104816 Sergio Abraham
SAP Open Hub Service (BW-WHM-DBA-OHS) Unspecified Hardcoded Credentials
2014-02-11 104853 Juan Pablo Perez Etchegoyen
Jordan Santarsieri
Pablo Muller
SAP System Landscape Directory (BC-CCM-SLD) Web AS ABAP Information Disclosure
2014-01-14 104130 Nahuel D. Sánchez
SAP Software Lifecycle Manager (BC-UPG-SLM) Unspecified Information Disclosure
2014-01-14 104134 Jordan Santarsieri
SAP F1 Help (BC-DOC-HLP) Unspecified Authorization Bypass
2014-01-14 104135 Nahuel D. Sánchez
SAP Profile Maintenance (BC-CCM-CNF-PFL) Unspecified Authorization Bypass
2014-01-14 104146 Nahuel D. Sánchez
SAP Background Processing (BC-CCM-BTC) Unspecified Authorization Bypass
2014-01-14 104161 Jordan Santarsieri
SAP Portal WD Integration (EP-PIN-WD) NW EP iView Wizard Unspecified Authorization Bypass
2013-12-10 103504 2014-2748 Sergio Abraham
SAP Basis SAP Syslog (BC-CCM-MON-SLG) Edit System Log and Security Audit Log Unspecified Authorization Bypass
2013-12-10 103508 Sergio Abraham
SAP Print and Output Management (BC-CCM-PRN) Backend Printing Unspecified Hardcoded Credentials
2013-12-10 103509 Sergio Abraham
SAP Business Object Framework (BC-ESI-BOF) Suite BOPF Unspecified Hardcoded Credentials
2013-11-08 105683 2013-7355 Jordan Santarsieri
SAP BI Universal Data Integration J2EE Schema Unspecified SQL Injection
2013-10-08 105469 2014-2749 Nahuel D. Sánchez
SAP HANA Application Services (BC-DB-HDB-XS) Crafted HTTP Request Information Disclosure
2013-08-08 105955 2013-7356 Jordan Santarsieri
SAP CCMS/Database Monitors for Oracle Unspecified Local Database Password Disclosure
2013-08-01 99295 Jordan Santarsieri
SAP Business Intelligence Java Software Development Kit (BW-BEX-UDI) Persistent Data Unspecified Information Disclosure
2013-07-02 105684 2013-7357 Juan Pablo Perez-Etchegoyen
SAP J2EE Engine Configuration Service Unspecified Credential Disclosure
2013-07-02 105686 2013-7358 Juan Pablo Perez-Etchegoyen
SAP Guided Procedures Archive Monitor Unspecified Remote Identity Information Disclosure
2013-06-05 105687 2013-7359 Nahuel D. Sánchez
SAP Mobile Infrastructure Unspecified Sensitive Port Information Disclosure
2013-05-11 105688 2013-7361 Nahuel D. Sánchez
SAP CMS / CM Services Path Traversal Arbitrary File Upload
2013-05-01 99413 Jordan Santarsieri
SAP CCMS / Database Monitors for Oracle (BC-DB-ORA-CCM) BRBACKUP Unspecified Information Disclosure
2013-04-01 100473 Juan Pablo Perez Etchegoyen
SAP Guided Procedures (BC-GP) Archive Monitor Unspecified Information Disclosure
2013-04-01 100476 Juan Pablo Perez Etchegoyen
SAP Java Application Server Enterprise Runtime (BC-JAS-COR) Configuration Service Unspecified Authorization Bypass
2013-03-27 105689 2013-7360 Juan Pablo Perez-Etchegoyen
SAP adminadapter Unspecified Remote File Manipulation
2013-03-01 100713 Alexander Polyakov
Nahuel D. Sánchez
SAP Mobile Infrastructure (BC-MOB-MI) Unspecified Information Disclosure
2013-02-22 90568 2013-7364 Juan Perez-Etchegoyen
SAP Java Application Server Enterprise Runtime (BC-JAS-COR) Unspecified Arbitrary File Overwrite
2013-02-21 90619 2013-7362 Juan Perez-Etchegoyen
SAP Monitoring (BC-CCM-MON) CCMS Agent Unspecified Remote Command Execution
2013-02-21 90618 2013-7363 Juan Perez-Etchegoyen
SAP Agent Framework (SV-SMG-DIA-SRV-AGT) SMD Agent Unspecified Remote Application Execution
2013-02-21 90567 2013-7365 Jordan Santarsieri
SAP NetWeaver Enterprise Portal (SAP EP) Unspecified XSS
2013-02-21 90570 2013-7366 Mariano Nunez Di Croce
Jordan Santarsieri
SAP NetWeaver Software Deployment Manager (SDM) Failed Authentication Attempt Handling Remote DoS
2013-02-21 90569 2013-7367 Mariano Nunez Di Croce
SAP NetWeaver Enterprise Portal (SAP EP) Federation Configuration Page Authentication Bypass
2013-01-08 99423 Juan Pablo Perez Etchegoyen
SAP AS Java BC-JAS-ADM-ADM Component adminadapter Service Directory Traversal Unspecified Issue
2012-01-17 78433 2011-2325 Juan Pablo Perez Etchegoyen
Oracle JD Edwards EnterpriseOne Tools JDENET Crafted Packet Arbitrary User Password Remote Disclosure
2012-01-17 78435 2011-3509 Juan Pablo Perez Etchegoyen
Oracle JD Edwards EnterpriseOne Tools JDENET Crafted Packet Arbitrary File Remote Disclosure
2012-01-17 78437 2011-3524 Juan Pablo Perez Etchegoyen
Oracle JD Edwards EnterpriseOne Tools JDENET Crafted Request JDE.INI File Content Remote Disclosure
2012-01-17 78438 2011-2317 Juan Pablo Perez Etchegoyen
Oracle JD Edwards EnterpriseOne Tools JDENET Message File Packet Handling Arbitrary File Manipulation
2011-07-19 73936 2011-0811 Juan Pablo Perez Etchegoyen
Oracle JD Edwards EnterpriseOne Server / Tools JDENET Kernel Message Parsing Remote DoS
2011-04-20 71919 2011-0810 Juan Pablo Perez Etchegoyen
Oracle JD Edwards EnterpriseOne Server / Tools Enterprise Infrastructure SEC JDENET Kernel Unicode Data Message Parsing Remote DoS
2011-04-19 71918 2011-0803 Juan Pablo Perez Etchegoyen
Oracle JD Edwards EnterpriseOne Server / Tools Enterprise Infrastructure SEC JDENet Service Packet Parsing Remote Overflow
2011-04-19 71921 2011-0818 Juan Pablo Perez Etchegoyen
Oracle JD Edwards EnterpriseOne Server / Tools Enterprise Infrastructure SEC JDENet Service Packet Parsing Access Violation Remote DoS
2011-04-19 71922 2011-0819 Juan Pablo Perez Etchegoyen
Oracle JD Edwards EnterpriseOne Tools Enterprise Infrastructure SEC JDENet Port UDP Packet Parsing Remote Access Restriction Bypass
2011-04-19 71924 2011-0824 Juan Pablo Perez Etchegoyen
Oracle JD Edwards EnterpriseOne Server / Tools Enterprise Infrastructure SEC JDENET SawKernel Remote Password Disclosure
2011-04-19 71925 2011-0825 Juan Pablo Perez Etchegoyen
Oracle JD Edwards EnterpriseOne Server / Tools Enterprise Infrastructure SEC XMLCallObject Kernel Message Parsing Remote Code Execution
2011-04-15 72684 Mariano Nunez Di Croce
SAP NetWeaver Portal Path Disclosure Weakness
2011-04-14 71833 Mariano Nunez Di Croce
SAP NetWeaver Web Application Server ITS Mobile Start / ITS Mobile Test Services Unspecified XSS
2011-04-14 71832 Mariano Nunez Di Croce
SAP NetWeaver Web Application Server Unspecified Arbitrary Site Redirect
2011-01-07 72007 Jordan Santarsieri
SAP Management Console (SAP MC) Unspecified Remote Service Restart DoS
2011-01-07 72008 Jordan Santarsieri
SAP Management Console (SAP MC) sapstartsrv SOAP Server Unauthenticated Remote Information Disclosure
2010-10-13 70075 2010-3583 Juan Pablo Perez Etchegoyen
Oracle VM ovs-agent XML-RPC Unspecified Remote Command Execution
2010-10-13 70074 2010-3584 Juan Pablo Perez Etchegoyen
Oracle VM ovs-agent Unspecified Local Authentication Credential Disclosure
2010-10-13 70073 2010-3585 Juan Pablo Perez Etchegoyen
Oracle VM ovs-agent XML-RPC Unspecified Arbitrary File Access
2010-10-12 68797 2010-3585 Onapsis Research Labs
Oracle VM Server Virtual Server Agent urt_test_url Method Command Injection

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2002 - 2014 Open Sourced Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use