Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

SAP Security Notes, June 2019

Posted on
Note 2748699 provides instructions for securing the credentials of the standard user SM_EXTERN_WS in SAP Solution Manager. SM_EXTERN_WS is used by CA Introscope Enterprise Manager (EM) to collect monitoring metrics from mainly non-ABAP components in SAP landscapes. The metrics are collected via the Introscope Push web service. The credentials for SM_EXTERN_WS including the automatically generated …
Read Article

Webinar Playback: Holistic SAP Cybersecurity with CVA & SolMan

Posted on
Watch the playback of this month’s webinar to learn how you can implement holistic cybersecurity for your SAP systems with Code Vulnerability Analyzer and Solution Manager. CVA performs static code analysis to detect vulnerabilities in custom code. SAP Solution Manager detects vulnerabilities and threats in SAP systems including components such as the gateway server, message server …
Read Article

SAP Security Notes, May 2019

Posted on
Note 1408081 was updated in May in response to the recent 10KBLAZE exploits targeting vulnerabilities in the gateway server. The note includes revised instructions for maintaining access control lists in the gateway security files reg_info and sec_info for different kernel versions. The access control lists should be configured to control external server registrations and program …
Read Article

10KBLAZE: Secure Your Systems with SAP Solution Manager

Posted on
On May 2, the Department of Homeland Security issued an alert for SAP customers in response to the disclosure of new exploits targeting vulnerable SAP components. According to some reports, the so-called 10KBLAZE exploits could impact 90% of SAP installations worldwide. The exploits target misconfigurations in the gateway server and message server installed in most …
Read Article

Webinar: 10KBLAZE – Secure Your SAP Systems with CVA and SolMan

Posted on
According to a recent report, thousands of SAP installations may be vulnerable to 10KBLAZE exploits targeting SAP applications. Join SAP and Layer Seven Security to learn how to secure your SAP systems against the exploits with SAP Code Vulnerability Analyzer (CVA) and SAP Solution Manager. CVA performs static code analysis to detect vulnerabilities in custom …
Read Article

SAP Security Notes, April 2019

Posted on
Note 2747683 patches a vulnerability in the signature security mechanism of the Adapter Engine in SAP NetWeaver Process Integration (PI). The vulnerability could enable attackers to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. Such requests will be accepted by the PI Axis adapter even if the payload has …
Read Article

Securing Administrative Access in SAP AS Java

Posted on
The misuse of administrative privileges is a common method used by attackers to compromise applications and propagate attacks to connected systems. The elevated privileges granted to administrative accounts are a prized target for attackers and provide a fast path to accessing or modifying sensitive data, programs and system settings. User privileges for Java applications are …
Read Article

SAP Security Notes, March 2019

Posted on
Note 2764283 addresses an XML External Entity vulnerability in SAP HANA extended application services (XS), advanced. HANA XS does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space. Successful exploitation of the vulnerability could lead to the leading of arbitrary files in SAP servers or denial of …
Read Article

Code Vulnerability Management with SAP Solution Manager

Posted on
Custom Code Management (CCM) in SAP Solution Manager can enable you to take control of custom developments by providing transparency into custom objects in your SAP systems and analyzing the usage of custom code. It can also provide insights into security vulnerabilities in custom objects and packages. CCM provides an overview of the custom developments …
Read Article

SAP Security Notes, February 2019

Posted on
Hot News Note 2742027 patches a critical broken authentication check in SAP HANA Extended Application Services, advanced model. The vulnerability could lead to unauthorized administrative access and the exfiltration, modification or deletion of sensitive data in HANA XS. The vulnerability carries a CVSS score of 9.4/10. It ranks relatively low in terms of attack complexity …
Read Article

Cyber Espionage Warning: 30% Growth in Targeted Attacks

Posted on
The findings of the annual Internet Security Threat Report indicate that the number of organizations targeted by advanced hacking groups increased by almost one third between 2015 and 2018. The groups have not only substantially increased their cyber-espionage operations, they are also deploying increasingly sophisticated tactics against a growing number of sectors. National hacking groups such …
Read Article

SAP Security Notes, January 2019

Posted on
Hot News Note 2696233 deals with multiple vulnerabilities in the SAP Cloud Connector. The Connector is an agent that connects on premise systems with applications operating on the SAP Cloud Platform.  The agent supports HTTP, RFC, JDBC/ODBC and other connections between on-premise and cloud installations using reverse invoke without requiring inbound ports to be opened …
Read Article

Database Security with SAP Solution Manager

Posted on
Protecting SAP systems against cyber threats requires integrated measures applied not just within the SAP layer but across the technology stack including network, operating system, and database components.  As repositories of business-critical and sensitive information, databases warrant specific attention for hardening and monitoring efforts. This includes identifying and addressing configuration weaknesses, excessive privileges, and weak …
Read Article

SAP Security Notes, December 2018

Posted on
Hot News Note 2711425 patches a critical Cross-Site Scripting (XSS) vulnerability in SAP Hybris Commerce storefronts. The vulnerability could be exploited by attackers to modify web content and compromise user-related  authentication data. It affects versions 6.2 through 6.7 and 18.08 of SAP Hybris Commerce, including all but the latest patch releases. The vulnerability carries a …
Read Article

Layer Seven Security Recognized as an SAP Cybersecurity Leader

Posted on
Layer Seven Security has been named as the leading SAP cybersecurity provider in the 2018 Top 10 SAP Solution Providers. According to the source of the study,  Layer Seven Security provide a “unique and innovative approach to securing business-critical SAP systems against cyber threats”. The study recognizes Layer Seven as an “innovative force in the …
Read Article

Webinar Recording: Security Analytics with SAP Web Intelligence

Posted on
Watch the webinar replay to learn how to visualize security risks in your SAP systems using interactive reports in SAP Web Intelligence. Powered by the BusinessObjects platform, Web Intelligence connects directly to data sources in SAP Solution Manager to convey system vulnerabilities, missing security notes and open alerts using dynamic charts and graphs and detailed …
Read Article

SAP Security Notes, November 2018

Posted on
Hot News Note 2622660 includes critical security updates for web browser controls delivered with SAP Business Client. The Client provides a unified environment for SAP applications including Fiori, SAP GUI, and Web Dynpro.  It supports browser controls from Internet Explorer (IE) and Chrome for displaying HTML content. Security corrections for the WebBrowser control of the …
Read Article

Webinar: Security Analytics with SAP Web Intelligence

Posted on
Thu, Dec 13, 2018 11:00 AM – 12:00 PM EST Learn how to visualize security risks in your SAP systems using interactive reports in SAP Web Intelligence. Powered by the BusinessObjects platform, Web Intelligence connects directly to data sources in SAP Solution Manager to convey system vulnerabilities, missing security notes and open alerts using dynamic …
Read Article

Secure, Patch & Respond: Security Analytics with SAP Web Intelligence

Posted on
SAP Web Intelligence enables users to visualize and manage security risks in SAP systems using interactive reports delivered through an intuitive web interface. Powered by the BusinessObjects platform, Web Intelligence connects directly to data sources in SAP Solution Manager to convey system vulnerabilities, missing security notes and open alerts using dynamic charts and graphs and …
Read Article

SAP Security Notes, October 2018

Posted on
Hot News note 2654905 patches a high risk information disclosure vulnerability in the SAP BusinessObjects BI Suite. The execution of specific CMS queries on the Central Management Server could bypass authorization checks and lead to the leakage of sensitive data. The vulnerability scores 9.8/ 10 based on the Common Vulnerability Scoring System v3 (CVSS).  Patches …
Read Article

Coming Soon: Security Reporting with SAP Web Intelligence

Posted on
SAP Web Intelligence (WebI) provides a platform for self-service reporting that enables users to analyze and visualize data from SAP systems using an intuitive, interactive and web-based interface. WebI supports BEx queries to connect to security-related data in Business Warehouse within Solution Manager. Users can create dynamic reports with embedded dashboards to monitor and manage …
Read Article

How to Comply with the DHS Recommendations for Securing SAP Systems from Cyber Attacks

Posted on
In response to the dramatic rise of cyber attacks targeting ERP applications, the United States Department of Homeland Security (DHS) issued a warning earlier this year that encouraged organizations to respond to the risks targeted at their business applications by implementing specific measures to secure, patch and monitor SAP systems. The measures included scanning for …
Read Article

SAP Security Notes, September 2018

Posted on
Note 2681207 patches a high-risk missing XML validation vulnerability in Extended Application Services (XS) in SAP HANA. The OData parser in HANA XS does not sufficiently validate XML input from users. This can lead to the processing of malicious code that could provoke a denial of service in the database server. The vulnerability can be …
Read Article

SAP Security Notes, August 2018

Posted on
There were several high priority Security Notes released in August for vulnerabilities impacting multiple Business Intelligence applications. Note 2569748 patches an XML External Entity vulnerability in Crystal Reports for Enterprise. Note 2614229 deals with a memory corruption vulnerability in the BOBJ platform that can be triggered by a buffer overflow. Note 2644154 provides corrections for …
Read Article