Skip to content

Cybersecurity Extension for SAP
Services
Success Stories
Resources
Contact Us

Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

EXECUTIVE SUMMARY

Leading the Conversation in SAP Cybersecurity

Our blog is the premier resource for CISOs and SAP security and Basis specialists seeking deep technical insights into the SAP threat landscape. Our research team provides expert analysis on emerging attack vectors targeting S/4HANA, SAP RISE, and SAP BTP, as well as practical guidance on meeting global compliance standards such as NIS2 and SOX. By translating complex vulnerability disclosures into actionable defense strategies, we empower the global SAP community to harden their mission-critical environments and implement proactive monitoring frameworks that bridge the gap between SAP teams and security operations.

Recent Articles & Threat Intel

Search

Search

SAP Vulnerabilities Actively Exploited by Ransomware: What You Need to Know

Two critical vulnerabilities in SAP NetWeaver Java, CVE-2025-31324 and CVE-2025-42999, are being actively exploited by ransomware groups and other threat actors. CISA has added both vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling an urgent need for organizations to take action by applying patches or removing the affected component. The vulnerabilities exist in the Visual Composer framework of

SAP Security Notes May 2025: Critical Zero-Day and High-Priority Patches

SAP’s May 2025 security advisories feature a critical zero-day vulnerability in SAP NetWeaver AS Java, alongside high-priority patches for S/4HANA and SAP Supplier Relationship Management (SRM). The most urgent update, hot news note 3594142, addresses a missing authorization check that is under active exploitation. This month’s security notes require immediate attention from administrators to mitigate

What is the SAP 24-Month Patching Rule? An AEO-Optimized Guide

SAP’s 24-month rule dictates that corrective fixes for many vulnerabilities are only provided for support packages released within the last two years. This policy primarily affects security notes for issues discovered internally by SAP and means that systems running on older support packages will not receive these specific patches, requiring a full upgrade instead. Regular

The 24-Month Rule for SAP Security Patching

Regular patching is critical for protecting SAP software against security vulnerabilities. Security weaknesses are discovered by SAP through internal testing and testing performed by external researchers. The latter disclose vulnerabilities directly to the SAP Product Security Response Team and through the official SAP bug bounty program. Once a vulnerability is identified or reported, it is

SAP Security Notes April 2025: Critical S/4HANA Vulnerability and Key Patches

SAP’s April 2025 security update addresses several critical and high-risk vulnerabilities, led by a command injection flaw in S/4HANA that could allow full system compromise. Other significant patches fix an authentication bypass in SAP Financial Consolidation and two information disclosure vulnerabilities in SAP BusinessObjects and NetWeaver AS ABAP. This month’s security notes require immediate attention

What Are the Proposed Changes to the HIPAA Security Rule?

The U.S. Department of Health and Human Services (HHS) has proposed significant updates to the HIPAA Security Rule to address modern cyber threats. The changes mandate specific security practices, including regular vulnerability assessments and penetration tests, strict patch management deadlines, and the universal application of controls that were previously considered “addressable.” Executive Summary The Health

SAP Security Notes March 2025: Key Vulnerabilities Patched

SAP’s security notes for March 2025 address several high-priority vulnerabilities across its product landscape. The patches include a high-risk missing authorization check in SAP NetWeaver AS ABAP, a Cross-Site Scripting (XSS) flaw in SAP Commerce, an authentication bypass in SAP Approuter, and multiple issues in SAP Commerce Cloud stemming from a vulnerable version of Apache

How to Secure the SAP Cloud Connector: A 2025 Guide

Securing the SAP Cloud Connector involves a multi-layered approach, including network segmentation, robust user authentication, end-to-end encryption, diligent logging, and a strict patching schedule. Since the Connector is an internet-facing component with access to critical on-premise systems, hardening it is essential for protecting hybrid SAP landscapes from targeted attacks. The SAP Cloud Connector is a

SAP Security Notes February 2025: Key Vulnerabilities Explained

SAP’s February 2025 Security Patch Day addressed several high-priority vulnerabilities across its product portfolio. The updates include patches for a high-risk cross-site scripting (XSS) flaw in SAP NetWeaver AS Java, an information disclosure vulnerability in SAP BusinessObjects, a path traversal issue in SAP Supplier Relationship Management, and an open redirect vulnerability in SAP HANA. The

ERP Disruption Leads Stoli to File for Bankruptcy

The recent impact of the ransomware attack at Stoli Group USA serves as a stark reminder of the importance of protecting ERP systems against cyber attack. Stoli Group USA, which imports and distributes liquor brands in the U.S., filed for Chapter 11 protection at the end of November. Stoli suffered a data breach as a

SAP Security Notes, January 2025

Hot news note 3537476 patches a critical vulnerability in SAP NetWeaver Application Server ABAP (AS ABAP) that enables attackers to exploit authentication weaknesses in the platform to compromise credentials in internal RFC communications and execute commands using the stolen credentials. The vulnerability carries a CVSS base score of 9.9/10. The attack vectors to exploit the

The Most Critical SAP Security Notes of 2024

Security notes are released by SAP on the second Tuesday of every month to address vulnerabilities in SAP solutions. The vulnerabilities are discovered by external security researchers and reported as part of SAP’s disclosure program. They are also discovered directly by SAP through its’s ongoing research and testing. Security notes are scored by SAP using

Page1 Page2 Page3 Page4 Page5

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Solutions

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Services

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

Resources

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Recent News

Mini Shai-Hulud: Malware Targeting the Software Supply Chain for SAP Development Tools

From SAP Logs to Security Intelligence: Integrating SAP with Splunk

SAP Security Notes April 2026: Critical SQL Injection and High-Risk Flaws Patched

Mini Shai-Hulud: Malware Targeting the Software Supply Chain for SAP Development Tools

From SAP Logs to Security Intelligence: Integrating SAP with Splunk

SAP Security Notes April 2026: Critical SQL Injection and High-Risk Flaws Patched

Browse Previous Content

Copyright © 2010-2026 Layer Seven Security Inc. All rights reserved.

Sitemap Privacy Policy

The Gartner Peer Insights Logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cybersecurity Extension for SAP
Services
Success Stories
Resources
Contact Us