Layer Seven Security Blog
Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack
CrowdStrike Outage: Lessons Learned for SAP Solutions
The fallout of the recent worldwide systems outage has far-reaching consequences for cybersecurity. The outage is estimated to impact 8.5 million devices powered by Microsoft Windows operating systems. The cause of the outage is a corrupted update for an agent used for the Falcon security platform from CrowdStrike. Falcon uses a cloud architecture with servers, …
SAP Security Notes, July 2024
Note 3483344 addresses a high-risk missing authentication check in SAP Product Design Cost Estimation (PDCE), included in the S4CORE component of SAP S/4HANA. The vulnerability can be exploited to escalate privileges and read sensitive information. The correction included in the note deactivates the affected functions to remove the vulnerability. There is no workaround provided by …
Cybersecurity Extension for SAP with SAP Focused Run
SAP Focused Run (FRUN) is a Application Lifecycle Management (ALM) solution designed for real-time and high-volume system monitoring. It benefits from a more simplified and scalable architecture than other ALM platforms such as SAP Solution Manager (SolMan). Also, unlike SolMan, it runs exclusively with SAP HANA. System monitoring using FRUN is supported through the deployment …
SAP Security Notes, June 2024
Note 3460407 patches a high priority denial of service vulnerability in the Meta Model Repository of SAP NetWeaver Application Server Java (AS Java). The vulnerability impacts version 7.50 of the software component MMR_SERVER. There are no workarounds available. Note 3457592 deals with reflected and stored cross-site scripting vulnerabilities SAP Financial Consolidation reported in CVE-2024-37177 and …
Cybersecurity Extension for SAP version 5.1
S/4HANA Access Risk Analysis, SAP RISE Compliance, SAP ETD Benchmarking and More The new release of the Cybersecurity Extension for SAP is scheduled for general availability in May and includes several important enhancements. Version 5.1 includes coverage for critical access and segregation of duties in SAP S/4HANA. It performs more than 700 checks for access …
SAP Security Notes, May 2024
Hot news note 3448171 patches a critical file upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform. The correction delivered in the note changes the default configuration to prevent file uploads without signatures in the FILESYSTEM and SOMU_DB of the Content Repository. The workaround detailed in the note provides manual steps for applying …
Artificial Intelligence Exploits Vulnerabilities in Systems with a 87 percent Success Rate
Based on a newly-released paper published by researchers at the University of Illinois, AI agents can combine large language models with automation software to autonomously analyze and exploit security vulnerabilities. During the research, OpenAI’s GPT-4 large language model was able to successfully exploit 87 percent of vulnerabilities when provided with a CVE advisory describing the …
SAP Security Notes, April 2024
Note 3434839 deals with a high-priority security misconfiguration in the User Management Engine of SAP NetWeaver AS Java. User passwords created using self-registration are not subject to password complexity requirements defined in UME settings. The misconfiguration impacts version 7.50 of AS Java. The password policy can be enforced by updating the impacted software components to …
FBI and CISA Issue Alert for Threat Actors Actively Exploiting SQL Injection Vulnerabilities
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert this week to urge organizations to urgently address SQL injection vulnerabilities in software. The alert is based on recent exploits performed by the CL0P cybercrime group, also known as TA505. The Russian group has exploited SQL injection vulnerabilities …
SAP Security Notes, March 2024
Hot news note 3425274 deals with a critical code injection vulnerability in applications developed with SAP Build Apps. The note recommends rebuilding applications with version 4.9.145 or later. Hot news note 3433192 patches a code injection vulnerability in the Administrator Log Viewer plug-in of SAP NetWeaver AS Java. The plug-in allows threat actors with the …
Security Compliance for SAP RISE Solutions
S/4HANA and other ABAP systems provisioned by SAP for RISE customers are based on standard system builds. The builds include default settings to apply security by default based on hardening requirements and best practices. The settings are outlined in SAP Note 3250501 – Information on Mandatory Security Parameters & Hardening Requirements for ABAP systems in …
SAP Security Notes, February 2024
Hot news note 3420923 patches a critical code injection vulnerability in the Web Survey component of Application Basis. Prerequisite note 1110803 is required to apply the correction for versions 700-710 and note 1354949 is required for version 711. As a workaround, remote calls to function modules of CA-SUR can be restricted using authorization object S_RFC. …
SAP Cybersecurity Buyers Guide from SAPinsider
The SAP Cybersecurity Buyers Guide from SAPinsider provides a valuable, independent assessment of the capabilities of technology vendors and consultants for SAP security solutions and services. The guide reviews key solution providers and consultants in the cybersecurity domain for SAP. It performs a Vendor Capability Assessment across the following areas: Threat Intelligence and DetectionAccess and …
SAP Security Notes, January 2024
Hot news note 3412456 deals with a critical privilege escalation vulnerability impacting the development platforms SAP Business Application Studio, SAP Web IDE Full-Stack and SAP Web IDE for SAP HANA. Applications in the node.js JavaScript runtime environment are vulnerable to CVE-2023-49583. Applications developed using @sap/xssec library versions earlier than 3.6.0 and @sap/approuter versions earlier than …
SAP Solution Manager, Private Cloud Edition, for SAP RISE Customers
Usage rights for SAP Solution Manager are included in SAP support and maintenance agreements for on-premise SAP solutions. The rights include database licenses for SAP HANA and ASE. Customers with Enterprise Support agreements have usage rights for all functional areas of Solution Manager, whereas customers with Standard Support agreements have restricted rights that include commonly …
SAP Security Notes, December 2023
Hot news notes 3350297 and 3399691 patch a critical OS command injection vulnerability in SAP S/4HANA and ECC. The notes are only applicable for installations with active IS-OIL software components. You can use transaction SFW_BROWSER to check the status of the OIB_QCI and OI0_COMMON_2 switches in BUSINESS_FUNCTION_BASIS_COM and COMMODITY_MGMT_&_BULK_LOGISTIC. IS-OIL is active if both switches …
SAP Security Notes, November 2023
Hot News note 3355658 patches a critical missing authentication check vulnerability in SAP Business One. The vulnerability has a CVSS Base Score of 9.6/10 with a high impact to confidentiality, integrity and availability. SAP Business One allows read and write-access to SMB shared folders to anonymous users. The impacted components are the Crystal Reports (CR) …
Security with SAP RISE: A Shared Model of Responsibility
SAP RISE is a cloud-based service offering from SAP that includes the private edition of SAP S/4HANA Cloud at the core. As part of the offering, SAP maintains privately-managed, single-tenanted accounts for each customer with hyperscale providers including AWS, Azure and GCP. The accounts are fully managed by SAP. Therefore, SAP acts as a cloud …
SAP Security Notes, October 2023
Hot news note 3340576 patches a critical missing authorization check in the SAP Common Cryptographic Library (CommonCryptoLib) that could enable attackers to escalate privileges. CommonCryptoLib is installed in multiple SAP products including SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise, as well as SAP HANA Database, SAP Web Dispatcher, …
Maximize Your SAP Security Budget: How to Cut Costs Without Downgrading Cybersecurity
According to a recent report from SAPinsider, almost two-thirds of organizations are placing cybersecurity projects on hold or scaling back planned investments in cybersecurity due to the current economic climate. 18 percent of organizations are reducing the size of cybersecurity teams. The latter can have a drastic effect on collaboration and morale. The impact is …
SAP Security Notes, September 2023
Hot news notes 3245526 and 3320355 patch critical code injection and information disclosure vulnerabilities in SAP BusinessObjects Intelligence Platform (BOBJ). Note 3245526 was re-released in September with updated support package and patch level details. The note patches a command injection vulnerability that can be exploited to escalate privileges in the platform. The vulnerability impacts the …
Layer Seven Security Release Updated Ransomware Guide for SAP
Earlier this month, MGM Resorts reported a major cyber attack that severely disrupted its operations including online and payment processing systems. Threat actors are reported to have breached MGM’s network and systems and exfiltrated several terabytes of sensitive data. The company was forced to shut down several key systems as it worked with law enforcement …
What to Expect in the Cybersecurity Extension for SAP Version 5.0
Version 5.0 of the Cybersecurity Extension for SAP (CES) is scheduled for general availability in September. It includes several enhancements, configuration checks and new patterns to improve vulnerability management and threat detection for SAP solutions. This article discusses some of the key changes. Trend AnalysisTrend Analysis is a new application in CES that tracks changes …
SAP Security Notes, August 2023
Hot news note 3341460 patches multiple critical vulnerabilities in the data modelling and management solution SAP PowerDesigner. This includes an access control vulnerability for CVE-2023-37483 that has a CVSS score of 9.8/10. The vulnerability can be exploited by attackers to execute arbitrary queries against back-end databases via proxies. It also includes an information disclosure vulnerability …