Layer Seven Security

SAP Security Notes, February 2023

Hot news note 3273480 was updated in February for a critical vulnerability that could enable attackers to compromise installations of NetWeaver Application Server Java (AS Java) via an open JNDI interface exposed through User Defined Search (UDS). The updates include corrections for side effects caused by the original fix for the vulnerability that implemented authorization checks for affected public methods. Note 3301366 corrects side effects for alerting and monitoring after implementing note 3273480. Note 3284781 provides instructions to correct side effects observed for specific services used by Process Integration (PI).

Note 3285757 recommends upgrading the SAP Host Agent to the latest version, 7.22 PL59, to patch a high-priority privilege escalation vulnerability. Attackers can exploit the vulnerability through web service requests to execute operating system commands with administrative privileges.
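A fleet check for the Host Agent patch level named in the note, as an added example by the editor (not SAP's code). It parses text in the shape of the SAPHOSTAGENT information block printed by `saphostexec -version`; the line labels it looks for (`kernel release`, `patch number`) and the three sample outputs are assumptions, so confirm them against a real host before relying on the parser.

```python
"""Check SAP Host Agent versions against the 7.22 PL59 minimum from the note.

Editor's example, not SAP code. The output format parsed here (lines labelled
'kernel release' and 'patch number') is assumed; verify it on a real host.
"""
from __future__ import annotations

import re

MIN_RELEASE, MIN_PATCH = 722, 59   # 7.22 PL59, the version the note recommends

# Constructed sample outputs from three hosts (not real captures).
SAMPLE_OUTPUTS = {
    "sapapp01": "kernel release                722\npatch number                  61\n",
    "sapapp02": "kernel release                722\npatch number                  54\n",
    "sapdb01":  "kernel release                721\npatch number                  1033\n",
}

_RELEASE = re.compile(r"^\s*kernel release\s+(\d+)\s*$", re.M)
_PATCH = re.compile(r"^\s*patch number\s+(\d+)\s*$", re.M)


def parse_host_agent_version(output: str) -> tuple[int, int] | None:
    """Return (release, patch) from saphostexec -version output, or None if
    either line is missing so that the caller fails closed."""
    rel, pat = _RELEASE.search(output), _PATCH.search(output)
    if not rel or not pat:
        return None
    return int(rel.group(1)), int(pat.group(1))


def is_patched(version: tuple[int, int] | None) -> bool:
    """True only on the 722 line at PL59 or later (or a newer line).

    A 721 agent is never treated as patched, however high its patch number,
    because the note's fix is delivered on the 722 line."""
    if version is None:
        return False
    release, patch = version
    if release > MIN_RELEASE:
        return True
    return release == MIN_RELEASE and patch >= MIN_PATCH


def unpatched_hosts(outputs: dict[str, str]) -> list[str]:
    """Hosts whose output is missing, unparseable or below the minimum."""
    return sorted(host for host, out in outputs.items()
                  if not is_patched(parse_host_agent_version(out)))


if __name__ == "__main__":
    for host in unpatched_hosts(SAMPLE_OUTPUTS):
        print(f"{host}: SAP Host Agent below 7.22 PL59 or version unknown")
```

Unparseable output counts as unpatched on purpose: a host that cannot prove its version should show up in the list rather than silently pass.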

Note 3256787 includes a fix for an unrestricted file upload vulnerability in SAP BusinessObjects Business Intelligence (BOBJ). The note also includes instructions for a workaround that involves applying a whitelist for file format types using the property upload.file.allowed.formats in the global.properties file.
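The allowlist workaround above, turned into a check, as an added example by the editor (not SAP's or BOBJ's code). The property name comes from the note; the parsing rules (comma-separated, case-insensitive extensions), the sample global.properties fragment and the filename rules are assumptions. It also shows the cases a file-format allowlist has to get right: double extensions, missing extensions, path components, and an absent property.

```python
"""Allowlist check for uploaded file formats, modelled on the
upload.file.allowed.formats workaround.

Editor's example, not BOBJ code. The property name is from the note; the
value format and the sample properties content are assumed.
"""
from __future__ import annotations

import posixpath

# Constructed sample of a global.properties fragment (not a real BOBJ file).
SAMPLE_PROPERTIES = """
# other settings omitted
upload.file.allowed.formats=pdf, xlsx, csv, txt
"""


def parse_allowed_formats(properties_text: str) -> set[str]:
    """Return the allowlisted extensions (lower-case, without the dot).

    An absent or empty property yields an empty set, i.e. fail closed:
    nothing is accepted until an allowlist is configured.
    """
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == "upload.file.allowed.formats":
            return {
                fmt.strip().lstrip(".").lower()
                for fmt in value.split(",")
                if fmt.strip()
            }
    return set()


def is_upload_allowed(filename: str, allowed: set[str]) -> bool:
    """Decide whether a client-supplied filename may be stored.

    Only the final extension counts, so report.pdf.jsp is rejected even
    though pdf is allowlisted. Directory components, traversal, backslashes
    and NUL bytes are rejected outright, and a missing extension never
    matches.
    """
    if not filename or filename != posixpath.basename(filename):
        return False  # directory components or traversal in the name
    if "\\" in filename or "\x00" in filename:
        return False
    base, dot, ext = filename.rpartition(".")
    if not dot or not base or not ext:
        return False  # no extension, or only a leading/trailing dot
    return ext.lower() in allowed


if __name__ == "__main__":
    allowed = parse_allowed_formats(SAMPLE_PROPERTIES)
    for name in ("Q1_Report.PDF", "report.pdf.jsp", "../report.pdf", "report"):
        print(f"{name!r}: {'allowed' if is_upload_allowed(name, allowed) else 'rejected'}")
```

Checking only the last extension matters because web and application servers decide how to handle a file by its final suffix; a name such as report.pdf.jsp would otherwise slip through an allowlist that contains pdf.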

Other important notes include 3263135 and 3271091 for information disclosure and privilege escalation vulnerabilities in BOBJ and SAP Business Planning and Consolidation (BPC), respectively.

Analyzing Security Notes with SAP Maintenance Planner

Maintenance Planner is a cloud solution from SAP that supports the planning and administration of systems in SAP landscapes. It is the successor to Maintenance Optimizer and Landscape Planner and consolidates and simplifies tasks such as system installation, updates, upgrades and conversions.

Maintenance Planner is hosted on the SAP Support Portal. It maintains an inventory of SAP systems in customer landscapes. The inventory can be viewed using the Explore Systems tile.  

Landscapes can also be analyzed using graphical topologies in Hybrid Landscape Visualization.

Explore Systems provides detailed software information for each system such as product versions, components and stack levels, as well as tracks and dependencies. Tracks are used to group related systems and streamline maintenance.  

Maintenance Planner identifies products that are out of maintenance, third-party add-ons installed in SAP systems, and inconsistencies between displayed software components and the components actually installed in systems. The software information is sourced by Maintenance Planner directly from the Landscape Management Database (LMDB) in SAP Solution Manager. The information is synchronized with the LMDB daily via the SAP-OSS connection between Solution Manager and SAP Support.

Upgrade Dependency Analyzer (UDA) is integrated with Maintenance Planner to help identify the impact of maintenance tasks on dependent systems. Maintenance Planner identifies and downloads the required software packages for planned upgrades or new systems. It also supports conversion tasks for migration from SAP ERP to S/4HANA. Finally, Maintenance Planner includes guided workflows to discover and integrate SAP cloud solutions.

Maintenance Planner calculates and displays recommended notes for systems in each landscape. The notes are analyzed and managed using the View Recommended Notes tile. It supports searching, filtering, grouping, sorting, and exporting of results. The Calculate Notes option displays relevant notes for selected systems. Notes are grouped by category including Security, Hot News, Performance and Legal Change.  You can select a note from the available categories to view the details. CVE, CVSS and vector information is provided for SAP Security Notes.

Maintenance Planner can track the implementation lifecycle of notes using the Processing Status option. The following values are supported for the option:

Transferring: Note is transferred for implementation
In Progress: Note implementation is in progress
Not Relevant: Invalid or irrelevant note for the system

A Comments field is also included for users to provide additional information related to the implementation status of each note.
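The notes view above can be exported, and the CVE, CVSS and vector fields are what a practitioner needs to rank the result. The following is an added example by the editor, not Maintenance Planner's code: it triages a constructed export whose column names (Note, Category, CVE, CVSS, Vector, Status) are assumed, using the published CVSS v3.x metric abbreviations to pull unauthenticated, network-reachable notes to the top and to drop notes already marked In Progress or Not Relevant. The note numbers, CVE IDs and scores in the sample are placeholders, not real SAP Security Notes.

```python
"""Triage of a recommended-notes export by CVSS score and vector.

Editor's example, not SAP code. Column names and sample rows are assumed.
"""
from __future__ import annotations

import csv
import io

# Constructed sample export; note numbers, CVEs and scores are placeholders.
SAMPLE_EXPORT = """\
Note,Category,CVE,CVSS,Vector,Status
1000001,Hot News,CVE-2023-00001,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,
1000002,Security,CVE-2023-00002,7.5,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N,In Progress
1000003,Security,CVE-2023-00003,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N,Not Relevant
1000004,Performance,,,,
1000005,Security,CVE-2023-00005,8.8,CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,
"""

SECURITY_CATEGORIES = {"Hot News", "Security"}
CLOSED_STATUSES = {"Not Relevant", "In Progress"}


def parse_vector(vector: str) -> dict[str, str]:
    """Split 'CVSS:3.1/AV:N/AC:L/...' into {'AV': 'N', 'AC': 'L', ...}."""
    metrics: dict[str, str] = {}
    for part in vector.split("/")[1:]:  # skip the CVSS:3.x version prefix
        key, _, value = part.partition(":")
        if key and value:
            metrics[key] = value
    return metrics


def triage(export_text: str, min_cvss: float = 7.0) -> list[dict]:
    """Return open security notes scoring at least min_cvss, most urgent first.

    Urgency: notes exploitable over the network with no privileges and no
    user interaction (AV:N, PR:N, UI:N) come first, then by CVSS score.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["Category"] not in SECURITY_CATEGORIES:
            continue
        if row["Status"] in CLOSED_STATUSES:
            continue
        try:
            score = float(row["CVSS"])
        except ValueError:
            continue  # no score published for this note
        if score < min_cvss:
            continue
        m = parse_vector(row["Vector"])
        unauth_remote = m.get("AV") == "N" and m.get("PR") == "N" and m.get("UI") == "N"
        findings.append({
            "note": row["Note"],
            "category": row["Category"],
            "cve": row["CVE"],
            "cvss": score,
            "unauth_remote": unauth_remote,
        })
    findings.sort(key=lambda f: (not f["unauth_remote"], -f["cvss"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EXPORT):
        flag = "UNAUTH/REMOTE" if f["unauth_remote"] else ""
        print(f"{f['note']} {f['category']:<9} CVSS {f['cvss']:<4} {f['cve']} {flag}")
```

Ranking on the vector rather than the score alone is deliberate: an 8.8 that needs adjacent network access (AV:A) is less urgent for an internet-facing system than a 9.0 reachable by anyone, which the score by itself does not express.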

Maintenance Planner provides an alternative to System Recommendations for discovering and managing required notes in SAP systems. However, unlike System Recommendations, Maintenance Planner does not identify SAP HANA, Web Dispatcher and platform-related notes. Also, it does not integrate with Change Request Management (ChaRM), Usage and Procedure Logging (UPL), ABAP Call Monitor (SCMON), and Solution Documentation for the full lifecycle management of notes and automated change impact analysis to support test planning.

SAP Security Notes, January 2023

Hot news note 3089413 patches a critical capture-replay vulnerability that can lead to authentication bypass in SAP NetWeaver Application Server ABAP (AS ABAP). The vulnerability is caused by the failure to use unique hashes for system identification. Note 3089413 includes corrections for the SAP kernel and the SAP Basis component. The corrections must be applied in both trusting and trusted systems.

Hot news note 3268093 deals with a broken authentication vulnerability in SAP NetWeaver Application Server Java (AS Java). An unauthenticated attacker can attach to an open interface and exploit an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data. This could allow the attacker to gain full read access to user data, modify data and disrupt the availability of services within the system. The correction removes public access to basicadmin and adminadapter services and introduces authentication and authorization for the relevant objects. The required permissions are automatically assigned to the Administrator, NWA_SUPERADMIN, and NWA_READONLY roles by the corrections.

Note 3243924 patches a high-risk insecure deserialization of untrusted data vulnerability in SAP BusinessObjects Business Intelligence (BOBJ). Authenticated attackers with minimal privileges can intercept and modify serialized objects in the Central Management Console and BI LaunchPad of BOBJ. Note 3243924 restricts deserialization to specific internal classes. The note also includes instructions for a workaround that involves removing the vulnerable code in specific files.

Other important notes include 3262810 and 3275391 for code injection and SQL injection vulnerabilities in the Analysis Edition for OLAP in BOBJ and SAP Business Planning and Consolidation, respectively.

Security Alerting with SAP Focused Run

SAP Focused Run provides real-time application monitoring, alerting and analytics for large-scale SAP landscapes and hosting providers. It leverages SAP HANA to support centralized monitoring for up to thousands of systems in high-volume environments. Focused Run is intended to complement Solution Manager in SAP landscapes by taking over the configuration, integration, system, and user monitoring scenarios from SolMan. Solution Manager is still required for all other scenarios, including change management, patch management, custom code management, business process monitoring, service management, and test management.

This article explores the alerting capabilities of SAP Focused Run using the workgroups Advanced System Management and Advanced Event & Alert Management.

Similar to SAP Solution Manager, Focused Run includes preconfigured monitoring templates and data providers for SAP platforms and solutions including ABAP, HANA, and Java. It also includes database and host templates for monitoring SAP infrastructure.  The standard metrics and alerts within the SAP-delivered templates include content for monitoring the availability and performance of SAP applications, components, agents, interfaces and infrastructure.

The Cybersecurity Extension for SAP extends the coverage of SAP Focused Run to include security monitoring.  The SAP-certified addon provides more than 500 metrics and alerts for detecting indicators of compromise in SAP logs. This includes ABAP logs such as the Security Audit Log, Gateway Server Log, HTTP Log, System Log, Transaction Log, Read Access Log, and Change Documents. It also includes support for the Audit Log in HANA platforms. The current version of the Cybersecurity Extension for SAP supports ABAP and HANA platforms. Future releases are expected to support Java systems and operating system logs in Linux hosts.

Alerts can be accessed using Alert Management in the Advanced Event & Alert Management workgroup.

Focused Run supports the grouping of systems into Customer IDs. This can be used to segment results by business unit. Alert Management summarizes the results for the Customer IDs selected on the initial selection screen.

You can select the list view to display the current alerts.

You can open and view the details of alerts in the list. The example below is an alert triggered in a managed system for changes to the roles assigned to the standard SAP* user.

The Metrics tab includes information related to the underlying event, including the event timestamp, source IP, target IP, and user information. This information can be automatically integrated with Security Information and Event Management (SIEM) systems. Notifications can also be sent for alerts through email or SMS using the Send Notification option in the Actions menu.
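The alert shown above, rebuilt as detection logic, as an added example by the editor (not Focused Run's or the Cybersecurity Extension's code). It runs over constructed user change events whose field names (timestamp, changed_user, changed_by, source_ip, target_ip, old_roles, new_roles) are an assumed schema rather than an SAP log format, raises an alert when roles are added to or removed from a standard user, and renders the alert with the same fields the Metrics tab exposes as a CEF line, the ArcSight Common Event Format that most SIEMs ingest. The vendor and product strings in the CEF header are placeholders.

```python
"""Detect role-assignment changes on standard SAP users and emit CEF for a SIEM.

Editor's example, not SAP or Layer Seven code. Event schema and sample
events are constructed; CEF header vendor/product values are placeholders.
"""
from __future__ import annotations

# Standard users whose role assignments should never change unnoticed.
STANDARD_USERS = {"SAP*", "DDIC", "SAPCPIC", "EARLYWATCH", "TMSADM"}

# Constructed change events (not real log data).
SAMPLE_EVENTS = [
    {"timestamp": "2023-02-14T09:12:03Z", "system": "PRD", "changed_user": "JSMITH",
     "changed_by": "BASISADM", "source_ip": "10.1.4.22", "target_ip": "10.1.1.10",
     "old_roles": ["Z_FI_DISPLAY"], "new_roles": ["Z_FI_DISPLAY", "Z_FI_POST"]},
    {"timestamp": "2023-02-14T09:40:51Z", "system": "PRD", "changed_user": "SAP*",
     "changed_by": "BASISADM", "source_ip": "10.1.4.22", "target_ip": "10.1.1.10",
     "old_roles": [], "new_roles": ["SAP_ALL"]},
    {"timestamp": "2023-02-14T09:41:07Z", "system": "PRD", "changed_user": "DDIC",
     "changed_by": "BASISADM", "source_ip": "10.1.4.22", "target_ip": "10.1.1.10",
     "old_roles": ["SAP_ALL"], "new_roles": ["SAP_ALL"]},   # rewritten, no net change
]


def detect_standard_user_role_changes(events: list[dict]) -> list[dict]:
    """Return one alert per event that adds or removes roles on a standard user."""
    alerts = []
    for ev in events:
        if ev["changed_user"] not in STANDARD_USERS:
            continue
        added = sorted(set(ev["new_roles"]) - set(ev["old_roles"]))
        removed = sorted(set(ev["old_roles"]) - set(ev["new_roles"]))
        if not added and not removed:
            continue  # role list saved again without a real change
        alerts.append({
            "timestamp": ev["timestamp"],
            "system": ev["system"],
            "user": ev["changed_user"],
            "actor": ev["changed_by"],
            "source_ip": ev["source_ip"],
            "target_ip": ev["target_ip"],
            "added": added,
            "removed": removed,
            # Granting SAP_ALL to a standard user is the worst case.
            "severity": 10 if "SAP_ALL" in added else 8,
        })
    return alerts


def _cef_escape(value: str, header: bool = False) -> str:
    """CEF escaping: backslash and pipe in header fields, backslash and
    equals sign in extension values."""
    value = value.replace("\\", "\\\\")
    return value.replace("|", "\\|") if header else value.replace("=", "\\=")


def to_cef(alert: dict) -> str:
    """Render an alert as CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|Extension."""
    name = f"Role assignment changed for standard user {alert['user']}"
    header_fields = ("ExampleVendor", "SAP Security Alerts", "1.0",
                     "STD_USER_ROLE_CHANGE", name)          # placeholders
    extension = {
        "rt": alert["timestamp"],
        "src": alert["source_ip"],
        "dst": alert["target_ip"],
        "suser": alert["actor"],
        "duser": alert["user"],
        "cs1Label": "system", "cs1": alert["system"],
        "cs2Label": "rolesAdded", "cs2": ",".join(alert["added"]),
        "cs3Label": "rolesRemoved", "cs3": ",".join(alert["removed"]),
    }
    header = "|".join(_cef_escape(h, header=True) for h in header_fields)
    ext = " ".join(f"{k}={_cef_escape(v)}" for k, v in extension.items())
    return f"CEF:0|{header}|{alert['severity']}|{ext}"


if __name__ == "__main__":
    for alert in detect_standard_user_role_changes(SAMPLE_EVENTS):
        print(to_cef(alert))
```

The DDIC event is deliberately a no-op: comparing old and new role sets, rather than alerting on every save of the user master record, keeps routine administration from drowning the one change that matters.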

Alert Reporting in Alert Management provides a dashboard for monitoring alerts by date, category and systems.

Alerts can also be managed using System Monitoring in the Advanced System Management workgroup.

System Monitoring includes an Alert Ticker in the right pane that displays the latest alerts in real time.

The application also includes a hierarchical view for displaying alerts by managed object type, including systems, application servers, instances, databases and hosts.

How to switch from SAP Code Vulnerability Analyzer to the Cybersecurity Extension for SAP, Part 9

The Cybersecurity Extension for SAP provides an alternative to SAP Code Vulnerability Analyzer (CVA) for SAP vulnerability management, threat detection, and custom code security. The Cybersecurity Extension for SAP is developed by Layer Seven Security (Layer7), an SAP partner whose extension competes with SAP CVA. This guide will help you plan for the transition from SAP CVA to the Cybersecurity Extension for SAP. Once you have transitioned from SAP CVA, you can remove the SAP CVA consoles and sensors from your SAP landscape, as well as the SAP CVA users and addons in your SAP systems.

Unlike SAP CVA, the Cybersecurity Extension for SAP is an addon for SAP Solution Manager. Solution Manager is a monitoring and diagnostics platform widely used by SAP customers for application lifecycle management. Over 12,000 SAP customers worldwide are actively using Solution Manager to manage their SAP systems. Usage rights for Solution Manager are included in SAP support.

The Cybersecurity Extension for SAP requires the standard setup of Solution Manager. This guide will help you review your Solution Manager setup and prepare your platform to ensure a smooth transition from SAP CVA to the Cybersecurity Extension for SAP.

Check central system

The Cybersecurity Extension for SAP applies code vulnerability checks using the ABAP Test Cockpit (ATC). A central check system is recommended for the ATC. The central system performs code analysis for remote systems. Please refer to the SAP guidelines for configuring a central system for your landscape. The latest version of the SAP Basis component is recommended for the central system to analyze custom code in systems with lower versions.

How to switch from SAP Code Vulnerability Analyzer to the Cybersecurity Extension for SAP, Part 8

Check target system software versions

The Cybersecurity Extension for SAP supports monitoring for ABAP, HANA and Java systems, as well as the SAProuter and Web Dispatcher. Please confirm the target systems meet the minimum requirements below. All versions of the SAProuter and Web Dispatcher are supported.

ABAP: SAP Basis 7.00, SP00
HANA: Version 1.0, SP08
Java: SAP NetWeaver 7.0 Enhancement Package 1 (7.01)

Next: Check central system >>>

How to switch from SAP Code Vulnerability Analyzer to the Cybersecurity Extension for SAP, Part 7

Check System Monitoring

The Cybersecurity Extension for SAP requires the completion of System Monitoring in Application Operations. Execute transaction SOLMAN_SETUP or navigate to work center SAP Solution Manager Configuration – Configuration (All Scenarios). Click on System Monitoring in Application Operations. Confirm the status of all steps in System Monitoring is green (completed). Follow the guided procedures for System Monitoring to perform steps that are red or yellow (incomplete).

Next: Check target system software versions >>>

How to switch from SAP Code Vulnerability Analyzer to the Cybersecurity Extension for SAP, Part 6

Check Managed System Configuration

The Cybersecurity Extension for SAP requires the completion of Managed System Configuration for each target system. Execute transaction SOLMAN_SETUP or navigate to work center SAP Solution Manager Configuration – Configuration (All Scenarios). Click on Managed System Configuration in Cross Scenario Configuration. Highlight a relevant system in the Technical Systems tab and select Configure System – Full Configuration. Confirm the status of all steps in Managed System Configuration is green (completed). Follow the guided procedures for Managed System Configuration to perform steps that are red or yellow (incomplete).

The following Automatic and Manual Activities are not required in Finalize Configuration:

Setup Single Sign-On
Activate E2E Trace Upload Service
Introscope Host Adaptor
Apply Settings for EWA Monitoring
Byte Code Adaptor Installation (Java Systems)
Enable Remote R/3 Connection

The status of the steps Maintain Users, Finalize Configuration and Check Configuration can be yellow.

Repeat the steps for each target system.

Next: Check System Monitoring >>>

How to switch from SAP Code Vulnerability Analyzer to the Cybersecurity Extension for SAP, Part 5

Check Basic Configuration

The Cybersecurity Extension for SAP requires the completion of Basic Configuration in Mandatory Configuration. Execute transaction SOLMAN_SETUP or navigate to work center SAP Solution Manager Configuration – Configuration (All Scenarios). Click on Basic Configuration in Cross Scenario Configuration – Mandatory Configuration. Confirm the status of all steps in Basic Configuration is green (completed). Follow the guided procedures for Basic Configuration to perform steps that are red or yellow (incomplete).

Next: Check Managed System Configuration >>>

How to switch from SAP Code Vulnerability Analyzer to the Cybersecurity Extension for SAP, Part 4

Check Infrastructure Preparation

The Cybersecurity Extension for SAP requires the completion of Infrastructure Preparation in Mandatory Configuration. Execute transaction SOLMAN_SETUP or navigate to work center SAP Solution Manager Configuration – Configuration (All Scenarios). Click on Infrastructure Preparation in Cross Scenario Configuration – Mandatory Configuration. Confirm that the status of all steps in Infrastructure Preparation is green (completed). Follow the guided procedures for Infrastructure Preparation to perform steps that are red or yellow (incomplete). Note that the ISAGENT installation for Wily Introscope (CA Introscope) is not required.

Next: Check Basic Configuration >>>