Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

SAP Security Notes, March 2023

Posted on
Hot news note 3273480 was updated in March for SP026 of NetWeaver Application Server Java (AS Java) 7.50. The note deals with a critical SQL injection vulnerability that can be exploited by unauthenticated attackers that attach to an open interface exposed through JNDI by User Defined Search (UDS) of AS Java. The fix included in …
Read Article SAP Security Notes, March 2023

Configuration and Security Analytics with SAP Focused Run

Posted on
SAP Focused Run supports real-time monitoring for high-volume SAP landscapes and customers with advanced requirements for system management, user and integration monitoring, and vulnerability management. Configuration and Security Analytics (CSA) in SAP Focused Run applies security policies to  discover vulnerabilities in SAP systems. The policies read the contents of configuration, software and user-related stores in …
Read Article Configuration and Security Analytics with SAP Focused Run

SAP Security Notes, February 2023

Posted on
Hot news note 3273480 was updated in February for a critical vulnerability that could enable attackers to compromise installations of NetWeaver Application Server Java (AS Java) via an open JNDI interface exposed through User Defined Search (UDS). The updates include corrections for side effects caused by the original fix for the vulnerability that implemented authorization …
Read Article SAP Security Notes, February 2023

Analyzing Security Notes with SAP Maintenance Planner

Posted on
Maintenance Planner is a cloud solution from SAP that supports the planning and administration of systems in SAP landscapes. It is the successor to Maintenance Optimizer and Landscape Planner and consolidates and simplifies tasks such as system installation, updates, upgrades and conversions. Maintenance Planner is hosted on the SAP Support Portal. It maintains an inventory …
Read Article Analyzing Security Notes with SAP Maintenance Planner

SAP Security Notes, January 2023

Posted on
Hot news note 3089413 patches a critical capture-replay vulnerability that can lead to authentication bypass in SAP NetWeaver Application Server ABAP (AS ABAP). The vulnerability is caused by the failure to use unique hashes for system identification. Note 3089413 includes corrections for the SAP kernel and the SAP Basis component. The corrections must be applied …
Read Article SAP Security Notes, January 2023

Security Alerting with SAP Focused Run

Posted on
SAP Focused Run provides real-time application monitoring, alerting and analytics for large-scale SAP landscapes and hosting providers. It leverages SAP HANA to support centralized monitoring for up to thousands of systems in high-volume environments. Focused Run is intended to complement Solution Manager in SAP landscapes by substituting configuration, integration, system, and user monitoring scenarios from …
Read Article Security Alerting with SAP Focused Run

SAP Security Notes, December 2022

Posted on
Hot news notes 3267780 and 3273480 patch critical broken authentication vulnerabilities in SAP NetWeaver Application Server Java (AS Java). Threat actors can exploit the vulnerabilities to attach to an open interface exposed through JNDI by the Messaging System and User Defined Search (UDS) of SAP NetWeaver AS Java. Once attached, they can make use of …
Read Article SAP Security Notes, December 2022

Securing the Journey to SAP S/4HANA

Posted on
Earlier this month, Layer Seven Security released the new whitepaper Securing the Journey to SAP S/4HANA: A Security Framework for S/4HANA Migrations. The whitepaper provides a comprehensive guide to S/4HANA security to support the transition from SAP ERP to S/4HANA. Mainstream maintenance for ERP will end in December 2027. Therefore, organizations must migrate to S/4HANA …
Read Article Securing the Journey to SAP S/4HANA

SAP Security Notes, November 2022

Posted on
Hot news note 3243924 for CVE-2022-41203 patches a critical vulnerability related to insecure deserialization of untrusted data in the Central Management Console (CMC) and BI Launchpad of SAP BusinessObjects Business Intelligence Platform (BOBJ). The vulnerability impacts versions 4.2 and 4.3 of BOBJ and can be exploited by threat actors to bypass authentication, inject malicious code, …
Read Article SAP Security Notes, November 2022

Securing Microsoft Platforms with the Cybersecurity Extension for SAP

Posted on
SAP systems consist of multiple integrated technological layers. SAP solutions comprise the application layer. The application layer is supported by database and operating system layers. The layers are closely integrated to form a software ecosystem linked through several connections including trust relationships that bond the layers to form an SAP system. The layers are more …
Read Article Securing Microsoft Platforms with the Cybersecurity Extension for SAP

SAP Security Notes, October 2022

Posted on
Hot news note 3239152 patches a critical URL redirection vulnerability in SAP Commerce Cloud. The vulnerability can be exploited to manipulate URLs and redirect users to logon pages controlled by threat actors. User submissions served by attacker-controlled servers can be used to steal logon credentials and hijack accounts. Note 3239152 includes a fix for specific …
Read Article SAP Security Notes, October 2022

Maintaining System Inventories with SAP Solution Manager

Posted on
Maintaining an accurate and complete inventory of SAP systems is an important requirement for cybersecurity. It enables organizations to assess and prioritize risk management, ensure systems are not accidentally overlooked and exposed to threats, plan and track maintenance activities such as upgrades to apply security patches, and recover rapidly from security incidents including data breaches …
Read Article Maintaining System Inventories with SAP Solution Manager

SAP Security Notes, September 2022

Posted on
Note 3237075 patches a high priority vulnerability in SAP GRC Access Control that could be exploited by attackers to access Firefighter sessions even after they are closed in the Firefighter Logon Pad. Firefighter IDs are dedicated user identities with elevated privileges that are activated when required and controlled through Emergency Access Management (EAM) in SAP …
Read Article SAP Security Notes, September 2022

Securing Custom SAPUI5 Applications using the Cybersecurity Extension for SAP

Posted on
SAPUI5 is the foundation of Fiori applications in SAP solutions such as SAP HANA and S/4HANA. It provides a HTML5 framework for developing flexible and user-friendly applications that perform consistently across all browsers, platforms, and devices, and integrate with ABAP programs using APIs such as OData services. The SAPUI5 library is based on the jQuery …
Read Article Securing Custom SAPUI5 Applications using the Cybersecurity Extension for SAP

SAP Security Notes, August 2022

Posted on
Note 3102769 was rereleased in August with updated solution information. The workaround detailed in the original note has been moved to the new note 3221696. The workaround provides steps for deactivating the SAP IKS component to address a high priority cross-site scripting (XSS) vulnerability in SAP Knowledge Warehouse. Note 3150454 was also updated to enforce …
Read Article SAP Security Notes, August 2022

SAP Security Notes, July 2022

Posted on
There were several high priority security notes released in July for multiple vulnerabilities in SAP Business One. Note 3212997 patches an information disclosure issue that arises during the integration between Business One and SAP HANA. The vulnerability can be exploited to access privileged account credentials through the HANA cockpit’s data volume. Customers can switch from …
Read Article SAP Security Notes, July 2022

SAP Security Notes, June 2022

Posted on
Note 3158375 patches a high priority vulnerability in the SAProuter that can be exploited by attackers to execute administration commands from remote clients. The SAProuter is designed to accept administration commands from local clients only. However, this restriction can be bypassed in installations with specific entries in the saprouttab, the root permission table for the …
Read Article SAP Security Notes, June 2022

30 Percent of Security Notes in System Recommendations are False Positives

Posted on
System Recommendations (SysRec) in SAP Solution Manager automatically calculates relevant security notes for SAP systems based on the available software and application components in each system. It provides a cross-system view for required notes using a customizable, user-friendly interface. The use of SysRec is recommended by SAP for the lifecycle management of notes. It connects …
Read Article 30 Percent of Security Notes in System Recommendations are False Positives

SAP Security Notes, May 2022

Posted on
Hot news note 3165801 patches a critical missing authorization check in SAP NetWeaver Application Server ABAP. The notes introduces an authorization check for object S_OC_SEND to prevent the transmission of the contents of ABAP list output from the System Menu via e-mail. The note impacts all versions of SAP_BASIS from 700 to 788. Notes 2756188 …
Read Article SAP Security Notes, May 2022

Security Analytics with SAP Focused Run

Posted on
SAP Focused Run delivers real-time application monitoring, alerting and analytics for large-scale SAP landscapes and hosting providers that need to monitor customer SAP installations from a central platform. It leverages the power of SAP HANA to support centralized monitoring for thousands of systems in high-volume environments. Focused Run is intended to complement SAP Solution Manager …
Read Article Security Analytics with SAP Focused Run

SAP Security Notes, April 2022

Posted on
The central note 3170990 consolidates security notes for the critical Spring4Shell vulnerability. Spring4Shell is addressed by CVE-2022-22965. This is related to a remote code execution vulnerability in the open-source Java Spring Framework. Successful exploitation requires Apache Tomcat for serving applications built as a WAR file. Notes 3189428, 3187290, 3189429, 3189635 and 3171258 patch Sping4Shell in …
Read Article SAP Security Notes, April 2022

Patch Your SAP Systems with SAP Solution Manager

Posted on
Regularly patching SAP systems is the single most important action you can take to secure business-critical SAP applications from cyber threats. Despite the concern surrounding zero-day vulnerabilities, every known SAP exploit targets existing vulnerabilities patched by SAP through security notes. In other words, there is no evidence of the exploitation of zero-day vulnerabilities for SAP …
Read Article Patch Your SAP Systems with SAP Solution Manager

SAP Security Notes, March 2022

Posted on
Note 3123396 patches SAP NetWeaver Application Server ABAP and the Web Dispatcher for CVE-2022-22536. This is related to the ICMAD (Internet Communication Manager Advanced Desync) vulnerability that was the subject of alerts from multiple threat intelligence agencies including CISA and CERT-EU. ICMAD is a memory corruption vulnerability that can be exploited through a single HTTP …
Read Article SAP Security Notes, March 2022