Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

SAP Security Notes, October 2023

Posted on
Hot news note 3340576 patches a critical missing authorization check in the SAP Common Cryptographic Library (CommonCryptoLib) that could enable attackers to escalate privileges. CommonCryptoLib is installed in multiple SAP products including SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise, as well as SAP HANA Database, SAP Web Dispatcher, …
Read Article SAP Security Notes, October 2023

Maximize Your SAP Security Budget: How to Cut Costs Without Downgrading Cybersecurity

Posted on
According to a recent report from SAPinsider, almost two-thirds of organizations are placing cybersecurity projects on hold or scaling back planned investments in cybersecurity due to the current economic climate. 18 percent of organizations are reducing the size of cybersecurity teams. The latter can have a drastic effect on collaboration and morale. The impact is …
Read Article Maximize Your SAP Security Budget: How to Cut Costs Without Downgrading Cybersecurity

SAP Security Notes, September 2023

Posted on
Hot news notes 3245526 and 3320355 patch critical code injection and information disclosure vulnerabilities in SAP BusinessObjects Intelligence Platform (BOBJ). Note 3245526 was re-released in September with updated support package and patch level details. The note patches a command injection vulnerability that can be exploited to escalate privileges in the platform. The vulnerability impacts the …
Read Article SAP Security Notes, September 2023

Layer Seven Security Release Updated Ransomware Guide for SAP

Posted on
Earlier this month, MGM Resorts reported a major cyber attack that severely disrupted its operations including online and payment processing systems. Threat actors are reported to have breached MGM’s network and systems and exfiltrated several terabytes of sensitive data. The company was forced to shut down several key systems as it worked with law enforcement …
Read Article Layer Seven Security Release Updated Ransomware Guide for SAP

What to Expect in the Cybersecurity Extension for SAP Version 5.0

Posted on
Version 5.0 of the Cybersecurity Extension for SAP (CES) is scheduled for general availability in September. It includes several enhancements, configuration checks and new patterns to improve vulnerability management and threat detection for SAP solutions. This article discusses some of the key changes. Trend AnalysisTrend Analysis is a new application in CES that tracks changes …
Read Article What to Expect in the Cybersecurity Extension for SAP Version 5.0

SAP Security Notes, August 2023

Posted on
Hot news note 3341460 patches multiple critical vulnerabilities in the data modelling and management solution SAP PowerDesigner. This includes an access control vulnerability for CVE-2023-37483 that has a CVSS score of 9.8/10. The vulnerability can be exploited by attackers to execute arbitrary queries against back-end databases via proxies. It also includes an information disclosure vulnerability …
Read Article SAP Security Notes, August 2023

New SEC Rules For Cybersecurity Incident and Risk Management Disclosures

Posted on
The Securities and Exchange Commission (SEC) issued a final rule on July 26, 2023 that will require public companies to disclose material cybersecurity incidents on Form 8-K within four business days of discovery. In addition, the SEC will now require public companies to disclose on an annual basis in Form 10-K their process for assessing, …
Read Article New SEC Rules For Cybersecurity Incident and Risk Management Disclosures

SAP Security Notes, July 2023

Posted on
Hot news note 3350297 for a critical OS command injection vulnerability in SAP ECC and S/4HANA was re-released with instructions for confirming the prerequisites for the note. The IS-OIL component must be enabled in order for the note to be applicable. The note includes instructions for checking whether the component and supporting switches are enabled …
Read Article SAP Security Notes, July 2023

How to Discover Actively Exploited Vulnerabilities in Your SAP Systems

Posted on
SAP systems have a wide attack surface. Threat actors can enumerate and exploit multiple known vulnerabilities in SAP components and programs to compromise SAP solutions. Automated vulnerability scans often reveal hundreds of weaknesses in SAP systems. Remediating each vulnerability requires extensive planning and testing for each impacted system.  Most organizations do not have the resources …
Read Article How to Discover Actively Exploited Vulnerabilities in Your SAP Systems

SAP Security Notes, June 2023

Posted on
Notes 3324285 and 3326210 patch high priority vulnerabilities in SAP UI5. The former applies input validation to block the storage and reading of malicious scripts that could lead to cross-site scripting. The latter introduces additional restrictions to prevent the injection of untrusted CSS that can be exploited to perform clickjacking exploits. Note 3326210 includes a …
Read Article SAP Security Notes, June 2023

Security Patching for SAP Solutions

Posted on
The risk of unpatched systems is consistently reported as one of the top three threats to SAP systems in every survey of SAP customers performed by SAPinsider since 2021. Regularly implementing SAP security notes is reported as the most significant action performed by organizations to secure their SAP solutions. Security notes provide include corrections for …
Read Article Security Patching for SAP Solutions

Cybersecurity Threats to SAP Systems Report

Posted on
Earlier this month, SAPinsider released the 2023 Cybersecurity Threats to SAP Systems Report. Co-sponsored by Layer Seven Security, the report is based on the findings of a survey of more than 205 security professionals in North America, EMEA, APJ, and LATAM, representing SAP customers across nine industries. The report revealed several trends in 2023 compared …
Read Article Cybersecurity Threats to SAP Systems Report

SAP Security Notes, May 2023

Posted on
Hot news note 3307833 patches a critical information disclosure vulnerability in SAP BusinessObjects Business Intelligence (BOBJ) platform. The vulnerability can be exploited by authenticated threat actors with administrator privileges to compromise the login token of any logged-in BI user or server over the network. The login ticket can be used to access the platform with …
Read Article SAP Security Notes, May 2023

Is SAP ASE the Most Vulnerable Point in Your SAP Landscape?

Posted on
SAP Adaptive Server Enterprise (ASE) is a widely-used relational database server for SAP solutions. As part of the drive to HANA, SAP is expected to withdraw support for third party databases including Oracle, IBM and Microsoft. Standard support for Oracle 19c, for example, will end in April 2024. Oracle 19c is the highest release of …
Read Article Is SAP ASE the Most Vulnerable Point in Your SAP Landscape?

SAP Security Notes, April 2023

Posted on
Hot news note 3305369 patches missing authentication check and code injection vulnerabilities in the SAP Diagnostics Agent. The note removes the EventLogServiceCollector and OSCommand Bridge components from the Agent to address the vulnerability. The patch does not effect metric data collection for data collectors that use the Agent. However, it will disable metric testing. Hot …
Read Article SAP Security Notes, April 2023

What’s New in the Cybersecurity Extension for SAP

Posted on
The new release of the Cybersecurity Extension for SAP (CES) is scheduled for general availability on April 24. It includes several important enhancements, configuration checks and patterns for threat detection to further protect SAP solutions from advanced cyber threats. The prior release of the CES provided capabilities for SAP customers to automatically discover and remove …
Read Article What’s New in the Cybersecurity Extension for SAP

SAP Security Notes, March 2023

Posted on
Hot news note 3273480 was updated in March for SP026 of NetWeaver Application Server Java (AS Java) 7.50. The note deals with a critical SQL injection vulnerability that can be exploited by unauthenticated attackers that attach to an open interface exposed through JNDI by User Defined Search (UDS) of AS Java. The fix included in …
Read Article SAP Security Notes, March 2023

Configuration and Security Analytics with SAP Focused Run

Posted on
SAP Focused Run supports real-time monitoring for high-volume SAP landscapes and customers with advanced requirements for system management, user and integration monitoring, and vulnerability management. Configuration and Security Analytics (CSA) in SAP Focused Run applies security policies to  discover vulnerabilities in SAP systems. The policies read the contents of configuration, software and user-related stores in …
Read Article Configuration and Security Analytics with SAP Focused Run

SAP Security Notes, February 2023

Posted on
Hot news note 3273480 was updated in February for a critical vulnerability that could enable attackers to compromise installations of NetWeaver Application Server Java (AS Java) via an open JNDI interface exposed through User Defined Search (UDS). The updates include corrections for side effects caused by the original fix for the vulnerability that implemented authorization …
Read Article SAP Security Notes, February 2023

Analyzing Security Notes with SAP Maintenance Planner

Posted on
Maintenance Planner is a cloud solution from SAP that supports the planning and administration of systems in SAP landscapes. It is the successor to Maintenance Optimizer and Landscape Planner and consolidates and simplifies tasks such as system installation, updates, upgrades and conversions. Maintenance Planner is hosted on the SAP Support Portal. It maintains an inventory …
Read Article Analyzing Security Notes with SAP Maintenance Planner

SAP Security Notes, January 2023

Posted on
Hot news note 3089413 patches a critical capture-replay vulnerability that can lead to authentication bypass in SAP NetWeaver Application Server ABAP (AS ABAP). The vulnerability is caused by the failure to use unique hashes for system identification. Note 3089413 includes corrections for the SAP kernel and the SAP Basis component. The corrections must be applied …
Read Article SAP Security Notes, January 2023

Security Alerting with SAP Focused Run

Posted on
SAP Focused Run provides real-time application monitoring, alerting and analytics for large-scale SAP landscapes and hosting providers. It leverages SAP HANA to support centralized monitoring for up to thousands of systems in high-volume environments. Focused Run is intended to complement Solution Manager in SAP landscapes by substituting configuration, integration, system, and user monitoring scenarios from …
Read Article Security Alerting with SAP Focused Run

SAP Security Notes, December 2022

Posted on
Hot news notes 3267780 and 3273480 patch critical broken authentication vulnerabilities in SAP NetWeaver Application Server Java (AS Java). Threat actors can exploit the vulnerabilities to attach to an open interface exposed through JNDI by the Messaging System and User Defined Search (UDS) of SAP NetWeaver AS Java. Once attached, they can make use of …
Read Article SAP Security Notes, December 2022

Securing the Journey to SAP S/4HANA

Posted on
Earlier this month, Layer Seven Security released the new whitepaper Securing the Journey to SAP S/4HANA: A Security Framework for S/4HANA Migrations. The whitepaper provides a comprehensive guide to S/4HANA security to support the transition from SAP ERP to S/4HANA. Mainstream maintenance for ERP will end in December 2027. Therefore, organizations must migrate to S/4HANA …
Read Article Securing the Journey to SAP S/4HANA