Affiliation/Organization: Onapsis


Time to Patch Stats

For vulnerabilities disclosed through this affiliation where we have sufficient data to calculate the time to patch (22 vulns), the following statistics apply:

Min Time To Patch:23 days
Avg Time To Patch:235 days
Max Time To Patch:484 days

Other Affiliations

Creditees Affiliated with Onapsis have also affiliated with:

Cybsec (1)

Website: http://www.onapsis.com/

Creditees currently or formerly associated with Onapsis (5):
(ordered by association date)

Known SinceNameVulns Through Affiliation
2010-10-12Onapsis Research Labs1
2010-10-13Juan Pablo Perez Etchegoyen14
2011-01-07Jordan Santarsieri4
2011-04-14Mariano Nunez Di Croce5
2013-02-21Juan Perez-Etchegoyen3

Disclosed Vulnerabilities (26):

Discl. DateOSVDB IDCVE IDCrediteesTitle
2013-02-21 90569 Mariano Nunez Di Croce
 SAP NetWeaver Enterprise Portal (SAP EP) Federation Configuration Page Authentication Bypass
2013-02-21 90570 Mariano Nunez Di Croce
Jordan Santarsieri
 SAP NetWeaver Software Deployment Manager (SDM) Failed Authentication Attempt Handling Remote DoS
2013-02-21 90567 Jordan Santarsieri
 SAP NetWeaver Enterprise Portal (SAP EP) Unspecified XSS
2013-02-21 90568 Juan Perez-Etchegoyen
 SAP NetWeaver J2EE Engine Core Services Unspecified Arbitrary File Overwrite
2013-02-21 90619 Juan Perez-Etchegoyen
 SAP NetWeaver CCMS Agent Unspecified Remote Command Execution
2013-02-21 90618 Juan Perez-Etchegoyen
 SAP NetWeaver SMD Agent Unspecified Remote Application Execution
2012-01-17 78433 2011-2325 Juan Pablo Perez Etchegoyen
 Oracle JD Edwards EnterpriseOne Tools JDENET Crafted Packet Arbitrary User Password Remote Disclosure
2012-01-17 78435 2011-3509 Juan Pablo Perez Etchegoyen
 Oracle JD Edwards EnterpriseOne Tools JDENET Crafted Packet Arbitrary File Remote Disclosure
2012-01-17 78437 2011-3524 Juan Pablo Perez Etchegoyen
 Oracle JD Edwards EnterpriseOne Tools JDENET Crafted Request JDE.INI File Content Remote Disclosure
2012-01-17 78438 2011-2317 Juan Pablo Perez Etchegoyen
 Oracle JD Edwards EnterpriseOne Tools JDENET Message File Packet Handling Arbitrary File Manipulation
2011-07-19 73936 2011-0811 Juan Pablo Perez Etchegoyen
 Oracle JD Edwards EnterpriseOne Server / Tools JDENET Kernel Message Parsing Remote DoS
2011-04-20 71919 2011-0810 Juan Pablo Perez Etchegoyen
 Oracle JD Edwards EnterpriseOne Server / Tools Enterprise Infrastructure SEC JDENET Kernel Unicode Data Message Parsing Remote DoS
2011-04-19 71918 2011-0803 Juan Pablo Perez Etchegoyen
 Oracle JD Edwards EnterpriseOne Server / Tools Enterprise Infrastructure SEC JDENet Service Packet Parsing Remote Overflow
2011-04-19 71921 2011-0818 Juan Pablo Perez Etchegoyen
 Oracle JD Edwards EnterpriseOne Server / Tools Enterprise Infrastructure SEC JDENet Service Packet Parsing Access Violation Remote DoS
2011-04-19 71922 2011-0819 Juan Pablo Perez Etchegoyen
 Oracle JD Edwards EnterpriseOne Tools Enterprise Infrastructure SEC JDENet Port UDP Packet Parsing Remote Access Restriction Bypass
2011-04-19 71924 2011-0824 Juan Pablo Perez Etchegoyen
 Oracle JD Edwards EnterpriseOne Server / Tools Enterprise Infrastructure SEC JDENET SawKernel Remote Password Disclosure
2011-04-19 71925 2011-0825 Juan Pablo Perez Etchegoyen
 Oracle JD Edwards EnterpriseOne Server / Tools Enterprise Infrastructure SEC XMLCallObject Kernel Message Parsing Remote Code Execution
2011-04-15 72684 Mariano Nunez Di Croce
 SAP NetWeaver Portal Path Disclosure Weakness
2011-04-14 71833 Mariano Nunez Di Croce
 SAP NetWeaver Web Application Server ITS Mobile Start / ITS Mobile Test Services Unspecified XSS
2011-04-14 71832 Mariano Nunez Di Croce
 SAP NetWeaver Web Application Server Unspecified Arbitrary Site Redirect
2011-01-07 72007 Jordan Santarsieri
 SAP Management Console (SAP MC) Unspecified Remote Service Restart DoS
2011-01-07 72008 Jordan Santarsieri
 SAP Management Console (SAP MC) sapstartsrv SOAP Server Unauthenticated Remote Information Disclosure
2010-10-13 70075 2010-3583 Juan Pablo Perez Etchegoyen
 Oracle VM ovs-agent XML-RPC Unspecified Remote Command Execution
2010-10-13 70074 2010-3584 Juan Pablo Perez Etchegoyen
 Oracle VM ovs-agent Unspecified Local Authentication Credential Disclosure
2010-10-13 70073 2010-3585 Juan Pablo Perez Etchegoyen
 Oracle VM ovs-agent XML-RPC Unspecified Arbitrary File Access
2010-10-12 68797 2010-3585 Onapsis Research Labs
 Oracle VM Server Virtual Server Agent urt_test_url Method Command Injection

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2002 - 2013 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use