Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

The Most Critical SAP Security Notes of 2024

Posted on
Security notes are released by SAP on the second Tuesday of every month to address vulnerabilities in SAP solutions. The vulnerabilities are discovered by external security researchers and reported as part of SAP’s disclosure program. They are also discovered directly by SAP through its’s ongoing research and testing. Security notes are scored by SAP using …
Read Article The Most Critical SAP Security Notes of 2024

SAP Security Notes, December 2024

Posted on
Hot news note 3536965 addresses multiple high risk vulnerabilities in Adobe Document Services (ADS) of SAP NetWeaver Application Server for JAVA (AS Java). This includes vulnerabilities for Server-Side Request Forgery (SSRF) and information disclosure. ADS should be updated to the recommended patch levels detailed in the note. There are no workarounds provided by SAP. Note …
Read Article SAP Security Notes, December 2024

Buyers Guide to SAP Enterprise Threat Detection

Posted on
SAP Enterprise Threat Detection (ETD) is the premier solution from SAP for identifying and responding to cyber attacks in SAP applications. ETD collects and analyzes log data from SAP systems and uses predefined patterns to detect Indicators of Compromise (IOCs) and trigger alerts for suspected security incidents. ETD includes graphical tools to support log analysis …
Read Article Buyers Guide to SAP Enterprise Threat Detection

SAP Security Notes, November 2024

Posted on
Note 3520281 patches a high priority Cross-Site Scripting (XSS) vulnerability in the SAP Web Dispatcher. The vulnerability can be exploited by attackers to execute arbitrary code and fully compromise Web Dispatcher installations. The vulnerability impacts users accessing the administration UI with a browser. The administration UI can be disabled as a workaround. This can be …
Read Article SAP Security Notes, November 2024

Cybersecurity Extension for SAP, Version 5.2: Support for SAP BTP, Critical Access and SOD for SAP ECC, and More

Posted on
The new release of the Cybersecurity Extension for SAP is scheduled for general availability in October and includes several important enhancements. Version 5.2 includes 40+ alerts for security related incidents in SAP BTP. This includes application changes, remote logins, role changes, role grants to users, and cloud transports. The alerts monitor events logged in the …
Read Article Cybersecurity Extension for SAP, Version 5.2: Support for SAP BTP, Critical Access and SOD for SAP ECC, and More

SAP Security Notes, October 2024

Posted on
Hot news note 3479478 was updated for a critical missing authentication check in SAP BusinessObjects (BOBJ) Business Intelligence Platform. The vulnerability can be exploited to compromise logon tickets used for Single Sign-On. The update provides a fix for BOBJ 4.2 SP009. The notes includes details of a workaround that will disable trusted authentication in the …
Read Article SAP Security Notes, October 2024

SAP Security Notes, September 2024

Posted on
Note 3459935 was updated in September with revised solution details to patch a high priority information disclosure vulnerability in SAP Commerce Cloud. Some OCC API endpoints in SAP Commerce Cloud allow Personally Identifiable Information (PII) data, such as passwords, to be included in the request URL as query or path parameters. The impacted endpoints are …
Read Article SAP Security Notes, September 2024

New Whitepaper: NIS2 Compliance for SAP Solutions

Posted on
The Network and Information Security (NIS2) Directive takes effect on October 17 and imposes significant requirements on organizations for cybersecurity and incident reporting. NIS2 mandates strict standards for cybersecurity and incident reporting for organizations that are based in the European Union or provide services within the EU. It is targeted at essential and important organizations …
Read Article New Whitepaper: NIS2 Compliance for SAP Solutions

SAP Security Notes, August 2024

Posted on
Hot news note 3477196 deals with a critical Server-Side Request Forgery (SSRF) vulnerability in applications built with SAP Build Apps. SAP Build Apps are vulnerable to CVE-2024-29415 due to the use of an older version of an Nodejs library included in software components for AppGyver. AppGyver is an open-source development platform used by SAP Build …
Read Article SAP Security Notes, August 2024

CrowdStrike Outage: Lessons Learned for SAP Solutions

Posted on
The fallout of the recent worldwide systems outage has far-reaching consequences for cybersecurity. The outage is estimated to impact 8.5 million devices powered by Microsoft Windows operating systems. The cause of the outage is a corrupted update for an agent used for the Falcon security platform from CrowdStrike. Falcon uses a cloud architecture with servers, …
Read Article CrowdStrike Outage: Lessons Learned for SAP Solutions

SAP Security Notes, July 2024

Posted on
Note 3483344 addresses a high-risk missing authentication check in SAP Product Design Cost Estimation (PDCE), included in the S4CORE component of SAP S/4HANA. The vulnerability can be exploited to escalate privileges and read sensitive information. The correction included in the note deactivates the affected functions to remove the vulnerability. There is no workaround provided by …
Read Article SAP Security Notes, July 2024

Cybersecurity Extension for SAP with SAP Focused Run

Posted on
SAP Focused Run (FRUN) is a Application Lifecycle Management (ALM) solution designed for real-time and high-volume system monitoring. It benefits from a more simplified and scalable architecture than other ALM platforms such as SAP Solution Manager (SolMan). Also, unlike SolMan, it runs exclusively with SAP HANA. System monitoring using FRUN is supported through the deployment …
Read Article Cybersecurity Extension for SAP with SAP Focused Run

SAP Security Notes, June 2024

Posted on
Note 3460407 patches a high priority denial of service vulnerability in the Meta Model Repository of SAP NetWeaver Application Server Java (AS Java). The vulnerability impacts version 7.50 of the software component MMR_SERVER. There are no workarounds available. Note 3457592 deals with reflected and stored cross-site scripting vulnerabilities SAP Financial Consolidation reported in CVE-2024-37177 and …
Read Article SAP Security Notes, June 2024

SAP Security Notes, May 2024

Posted on
Hot news note 3448171 patches a critical file upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform. The correction delivered in the note changes the default configuration to prevent file uploads without signatures in the FILESYSTEM and SOMU_DB of the Content Repository. The workaround detailed in the note provides manual steps for applying …
Read Article SAP Security Notes, May 2024

Artificial Intelligence Exploits Vulnerabilities in Systems with a 87 percent Success Rate

Posted on
Based on a newly-released paper published by researchers at the University of Illinois, AI agents can combine large language models with automation software to autonomously analyze and exploit security vulnerabilities. During the research, OpenAI’s GPT-4 large language model was able to successfully exploit 87 percent of vulnerabilities when provided with a CVE advisory describing the …
Read Article Artificial Intelligence Exploits Vulnerabilities in Systems with a 87 percent Success Rate

SAP Security Notes, April 2024

Posted on
Note 3434839 deals with a high-priority security misconfiguration in the User Management Engine of SAP NetWeaver AS Java. User passwords created using self-registration are not subject to password complexity requirements defined in UME settings. The misconfiguration impacts version 7.50 of AS Java. The password policy can be enforced by updating the impacted software components to …
Read Article SAP Security Notes, April 2024

FBI and CISA Issue Alert for Threat Actors Actively Exploiting SQL Injection Vulnerabilities

Posted on
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert this week to urge organizations to urgently address SQL injection vulnerabilities in software. The alert is based on recent exploits performed by the CL0P cybercrime group, also known as TA505. The Russian group has exploited SQL injection vulnerabilities …
Read Article FBI and CISA Issue Alert for Threat Actors Actively Exploiting SQL Injection Vulnerabilities

SAP Security Notes, March 2024

Posted on
Hot news note 3425274 deals with a critical code injection vulnerability in applications developed with SAP Build Apps. The note recommends rebuilding applications with version 4.9.145 or later. Hot news note 3433192 patches a code injection vulnerability in the Administrator Log Viewer plug-in of SAP NetWeaver AS Java. The plug-in allows threat actors with the …
Read Article SAP Security Notes, March 2024

Security Compliance for SAP RISE Solutions

Posted on
S/4HANA and other ABAP systems provisioned by SAP for RISE customers are based on standard system builds. The builds include default settings to apply security by default based on hardening requirements and best practices. The settings are outlined in SAP Note 3250501 – Information on Mandatory Security Parameters & Hardening Requirements for ABAP systems in …
Read Article Security Compliance for SAP RISE Solutions

SAP Security Notes, February 2024

Posted on
Hot news note 3420923 patches a critical code injection vulnerability in the Web Survey component of Application Basis. Prerequisite note 1110803 is required to apply the correction for versions 700-710 and note 1354949 is required for version 711. As a workaround, remote calls to function modules of CA-SUR can be restricted using authorization object S_RFC. …
Read Article SAP Security Notes, February 2024

SAP Cybersecurity Buyers Guide from SAPinsider

Posted on
The SAP Cybersecurity Buyers Guide from SAPinsider provides a valuable, independent assessment of the capabilities of technology vendors and consultants for SAP security solutions and services. The guide reviews key solution providers and consultants in the cybersecurity domain for SAP. It performs a Vendor Capability Assessment across the following areas: Threat Intelligence and DetectionAccess and …
Read Article SAP Cybersecurity Buyers Guide from SAPinsider

SAP Security Notes, January 2024

Posted on
Hot news note 3412456 deals with a critical privilege escalation vulnerability impacting the development platforms SAP Business Application Studio, SAP Web IDE Full-Stack and SAP Web IDE for SAP HANA. Applications in the node.js JavaScript runtime environment are vulnerable to CVE-2023-49583. Applications developed using @sap/xssec library versions earlier than 3.6.0 and @sap/approuter versions earlier than …
Read Article SAP Security Notes, January 2024