Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

SAP Security Notes, May 2024

Hot news note 3448171 patches a critical file upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform. The correction delivered in the note changes the default configuration to prevent file uploads without signatures in the FILESYSTEM and SOMU_DB of the Content Repository. The workaround detailed in the note provides manual steps for applying …

Artificial Intelligence Exploits Vulnerabilities in Systems with an 87 percent Success Rate

Based on a newly-released paper published by researchers at the University of Illinois, AI agents can combine large language models with automation software to autonomously analyze and exploit security vulnerabilities. During the research, OpenAI’s GPT-4 large language model was able to successfully exploit 87 percent of vulnerabilities when provided with a CVE advisory describing the …

SAP Security Notes, April 2024

Note 3434839 deals with a high-priority security misconfiguration in the User Management Engine of SAP NetWeaver AS Java. User passwords created using self-registration are not subject to password complexity requirements defined in UME settings. The misconfiguration impacts version 7.50 of AS Java. The password policy can be enforced by updating the impacted software components to …

FBI and CISA Issue Alert for Threat Actors Actively Exploiting SQL Injection Vulnerabilities

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert this week to urge organizations to urgently address SQL injection vulnerabilities in software. The alert is based on recent exploits performed by the CL0P cybercrime group, also known as TA505. The Russian group has exploited SQL injection vulnerabilities …

SAP Security Notes, March 2024

Hot news note 3425274 deals with a critical code injection vulnerability in applications developed with SAP Build Apps. The note recommends rebuilding applications with version 4.9.145 or later. Hot news note 3433192 patches a code injection vulnerability in the Administrator Log Viewer plug-in of SAP NetWeaver AS Java. The plug-in allows threat actors with the …

Security Compliance for SAP RISE Solutions

S/4HANA and other ABAP systems provisioned by SAP for RISE customers are based on standard system builds. The builds include default settings to apply security by default based on hardening requirements and best practices. The settings are outlined in SAP Note 3250501 – Information on Mandatory Security Parameters & Hardening Requirements for ABAP systems in …

SAP Security Notes, February 2024

Hot news note 3420923 patches a critical code injection vulnerability in the Web Survey component of Application Basis. Prerequisite note 1110803 is required to apply the correction for versions 700-710 and note 1354949 is required for version 711. As a workaround, remote calls to function modules of CA-SUR can be restricted using authorization object S_RFC. …

SAP Cybersecurity Buyers Guide from SAPinsider

The SAP Cybersecurity Buyers Guide from SAPinsider provides a valuable, independent assessment of the capabilities of technology vendors and consultants for SAP security solutions and services. The guide reviews key solution providers and consultants in the cybersecurity domain for SAP. It performs a Vendor Capability Assessment across the following areas: Threat Intelligence and Detection; Access and …

SAP Security Notes, January 2024

Hot news note 3412456 deals with a critical privilege escalation vulnerability impacting the development platforms SAP Business Application Studio, SAP Web IDE Full-Stack and SAP Web IDE for SAP HANA. Applications in the node.js JavaScript runtime environment are vulnerable to CVE-2023-49583. Applications developed using @sap/xssec library versions earlier than 3.6.0 and @sap/approuter versions earlier than …

SAP Solution Manager, Private Cloud Edition, for SAP RISE Customers

Usage rights for SAP Solution Manager are included in SAP support and maintenance agreements for on-premise SAP solutions. The rights include database licenses for SAP HANA and ASE. Customers with Enterprise Support agreements have usage rights for all functional areas of Solution Manager, whereas customers with Standard Support agreements have restricted rights that include commonly …

SAP Security Notes, December 2023

Hot news notes 3350297 and 3399691 patch a critical OS command injection vulnerability in SAP S/4HANA and ECC. The notes are only applicable for installations with active IS-OIL software components. You can use transaction SFW_BROWSER to check the status of the OIB_QCI and OI0_COMMON_2 switches in BUSINESS_FUNCTION_BASIS_COM and COMMODITY_MGMT_&_BULK_LOGISTIC. IS-OIL is active if both switches …

SAP Security Notes, November 2023

Hot News note 3355658 patches a critical missing authentication check vulnerability in SAP Business One. The vulnerability has a CVSS Base Score of 9.6/10 with a high impact to confidentiality, integrity and availability. SAP Business One allows read and write access to SMB shared folders to anonymous users. The impacted components are the Crystal Reports (CR) …

Security with SAP RISE: A Shared Model of Responsibility

SAP RISE is a cloud-based service offering from SAP that includes the private edition of SAP S/4HANA Cloud at the core. As part of the offering, SAP maintains privately-managed, single-tenanted accounts for each customer with hyperscale providers including AWS, Azure and GCP. The accounts are fully managed by SAP. Therefore, SAP acts as a cloud …

SAP Security Notes, October 2023

Hot news note 3340576 patches a critical missing authorization check in the SAP Common Cryptographic Library (CommonCryptoLib) that could enable attackers to escalate privileges. CommonCryptoLib is installed in multiple SAP products including SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise, as well as SAP HANA Database, SAP Web Dispatcher, …

Maximize Your SAP Security Budget: How to Cut Costs Without Downgrading Cybersecurity

According to a recent report from SAPinsider, almost two-thirds of organizations are placing cybersecurity projects on hold or scaling back planned investments in cybersecurity due to the current economic climate. 18 percent of organizations are reducing the size of cybersecurity teams. The latter can have a drastic effect on collaboration and morale. The impact is …

SAP Security Notes, September 2023

Hot news notes 3245526 and 3320355 patch critical code injection and information disclosure vulnerabilities in SAP BusinessObjects Intelligence Platform (BOBJ). Note 3245526 was re-released in September with updated support package and patch level details. The note patches a command injection vulnerability that can be exploited to escalate privileges in the platform. The vulnerability impacts the …

Layer Seven Security Release Updated Ransomware Guide for SAP

Earlier this month, MGM Resorts reported a major cyber attack that severely disrupted its operations including online and payment processing systems. Threat actors are reported to have breached MGM’s network and systems and exfiltrated several terabytes of sensitive data. The company was forced to shut down several key systems as it worked with law enforcement …

What to Expect in the Cybersecurity Extension for SAP Version 5.0

Version 5.0 of the Cybersecurity Extension for SAP (CES) is scheduled for general availability in September. It includes several enhancements, configuration checks and new patterns to improve vulnerability management and threat detection for SAP solutions. This article discusses some of the key changes. Trend Analysis: Trend Analysis is a new application in CES that tracks changes …

SAP Security Notes, August 2023

Hot news note 3341460 patches multiple critical vulnerabilities in the data modelling and management solution SAP PowerDesigner. This includes an access control vulnerability for CVE-2023-37483 that has a CVSS score of 9.8/10. The vulnerability can be exploited by attackers to execute arbitrary queries against back-end databases via proxies. It also includes an information disclosure vulnerability …

New SEC Rules For Cybersecurity Incident and Risk Management Disclosures

The Securities and Exchange Commission (SEC) issued a final rule on July 26, 2023 that will require public companies to disclose material cybersecurity incidents on Form 8-K within four business days of discovery. In addition, the SEC will now require public companies to disclose on an annual basis in Form 10-K their process for assessing, …

SAP Security Notes, July 2023

Hot news note 3350297 for a critical OS command injection vulnerability in SAP ECC and S/4HANA was re-released with instructions for confirming the prerequisites for the note. The IS-OIL component must be enabled in order for the note to be applicable. The note includes instructions for checking whether the component and supporting switches are enabled …

How to Discover Actively Exploited Vulnerabilities in Your SAP Systems

SAP systems have a wide attack surface. Threat actors can enumerate and exploit multiple known vulnerabilities in SAP components and programs to compromise SAP solutions. Automated vulnerability scans often reveal hundreds of weaknesses in SAP systems. Remediating each vulnerability requires extensive planning and testing for each impacted system. Most organizations do not have the resources …

SAP Security Notes, June 2023

Notes 3324285 and 3326210 patch high priority vulnerabilities in SAP UI5. The former applies input validation to block the storage and reading of malicious scripts that could lead to cross-site scripting. The latter introduces additional restrictions to prevent the injection of untrusted CSS that can be exploited to perform clickjacking exploits. Note 3326210 includes a …