Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

SAP Security Notes, August 2017

Posted on
Note 2381071 patches a critical cross-site Ajax vulnerability in the Prototype JS library of BusinessObjects. Ajax is a method often used by JavaScripts to exchange data between servers and clients to update parts of web pages without refreshing or reloading entire pages.  This minimizes network bandwidth usage and also improves response times through rapid operations. …
Read Article

Discover Vulnerable System Connections with Interface Monitoring

Posted on
Interface Monitoring provides the answer to one of the most vexing questions in SAP security: where are our vulnerable cross-system connections and how do we monitor them to ensure they’re not abused by attackers? Although Interface Monitoring, also known as Interface Channel Monitoring or ICMon, has been available in SAP Solution Manager since version 7.10 …
Read Article

SAP Security Notes, July 2017

Posted on
Note 2442993 deals with a high-risk vulnerability in the Host Agent for SAP HANA. The Host Agent is automatically installed with every SAP instance on NetWeaver 7.02 and higher. The stand-alone component is used for controlling and monitoring SAP and non-SAP instances, databases and operating systems. Note 2442993 recommends upgrading to version 7.21 PL25 to …
Read Article

Q&A: Cybersecurity Monitoring with SAP Solution Manager

Posted on
How does Solution Manager detect threats and vulnerabilities in SAP systems? What specific applications in SolMan are used for vulnerability, patch and threat management? What are the requirements for using these areas? How long does it take to configure? What are the differences between monitoring using SolMan 7.1 and 7.2? What are the benefits of …
Read Article

SAP Security Notes, June 2017

Posted on
Note 2416119 was reissued in June with updated release information and solution instructions.  The note provides instructions for maintaining the property URLCheck ServerCertificate in Java Application Servers. The instructions are intended to mitigate the risk of man-in-the-middle attacks by securing client-server HTTPS connections. Certificates signed by Certificate Authorities should be maintained in client keystores to …
Read Article

A First Look at Support Pack 5 of SAP Solution Manager 7.2

Posted on
Released earlier this month, Support Pack 5 for SAP Solution Manager 7.2 delivers important enhancements in several key areas. This includes support for exporting and importing solution documentation between systems, improved SAP-delivered solution blueprints, and an enhanced graphical editor for mapping business processes. SP05 also introduces a new Fiori App for Quality Gate Management in …
Read Article

SAP Security Notes, May 2017

Posted on
Note 2380277 addresses a high priority memory corruption vulnerability in the GUI control component of the Internet Graphics Server (IGS). GUI control is a self-contained component of the presentation server in ABAP systems. The Note contains corrections for logical errors in memory management within the component. The errors could be exploited by attackers to extract …
Read Article

Discover, Implement and Test Security Notes using SAP Solution Manager 7.2

Posted on
The results of the recent Verizon DBIR revealed significant differences between industries in terms of vulnerability patching. Organizations in sectors such as information technology and manufacturing typically remove over 75% of vulnerabilities within 3 weeks of detection. At the other end of the spectrum, 75% or more of vulnerabilities discovered in financial and public sector …
Read Article

Highlights of the 2017 DBIR Report

Posted on
The Data Breach Investigations Report (DBIR) has chronicled the growth in security and data breaches for over a decade.  The findings of the most recent report released on April 27 are based on the analysis of more than 42,000 security incidents across a variety of industries and countries. For the first time, the DBIR examines …
Read Article

SAP Security Notes, April 2017

Posted on
Note 2419592 includes further corrections for a code injection vulnerability in TREX that was originally patched by SAP through Note 2234226 in February 2016. The vulnerability impacts the TREXNet protocol used for internal communications by TREX components and servers. TREXNet communication does not require any authentication. Therefore, the protocol can be abused to execute dangerous …
Read Article

Get Hands-On with SAP Solution Manager 7.2 at SAPPHIRE NOW + ASUG 2017

Posted on
Attending next month’s SAPPHIRE NOW and ASUG Annual Conference? Drop by booth #1280A for a live demonstration of security monitoring using SAP Solution Manager. Learn how to schedule Service Level Reports to automatically detect vulnerabilities in your SAP systems, enable Dashboards to monitor security KPIs, detect and apply security notes using System Recommendations, monitor system interfaces with Interface …
Read Article

SAP Security Notes, March 2017

Posted on
Note 2424173 deals with vulnerabilities in SAP HANA that were the subject of media attention in March. This includes coverage from the television news channel MSNBC. The vulnerabilities impact areas such as User Self Service Tools that support account-related tasks including password resets and self-registration through a web interface. The Note carries a CVSS of …
Read Article

Security KPI Monitoring with SolMan Dashboards

Posted on
SAP Fiori revolutionizes the user experience in Solution Manager 7.2. The dynamic tile-based layout replaces the work center approach in Solution Manager 7.1. In fact, since the Fiori launchpad provides direct and customizable access to applications, it virtually removes the role of work centers in Solution Manager.  Fiori and Fiori Apps are the first pillar …
Read Article

SAP Security Notes, February 2017

Posted on
Note 2410061 patches a dangerous Distributed Denial of Service (DDoS) vulnerability in the Data Orchestration Engine (DOE) Administration Portal. The DOE is used to access the SAP NetWeaver Mobile Administrator to manage and monitor mobile system landscapes. This includes connecting mobile clients, deploying agents and packages to mobile devices, managing single sign-on, and other tasks. …
Read Article

Explore Service Level Reporting in SolMan 7.2

Posted on
Service Level Reporting (SLR) in SAP Solution Manager performs regular checks against key performance indicators using information available from the EarlyWatch Alert (EWA), Business Warehouse (BW) and the Computer Center Management System (CCMS). The checks can be for single systems or systems grouped into solutions. Reports run automatically on a weekly or monthly schedule but …
Read Article

SAP Security Notes, January 2017

Posted on
Note 2407862 deals with a highly dangerous buffer overflow vulnerability in Sybase Software Asset Management (SySAM) that scores almost 10/10 using the Common Vulnerability Scoring System.  SySAM performs license management for products such as ASE, ESP, PowerDesigner and the Replication Server. The vulnerability arises from the Flexera Flexnet Publisher software bundled in SySAM. The third …
Read Article

Introducing the SAP Cybersecurity Framework 4.0

Posted on
Cyber attacks are at epidemic levels. According to research performed by 360 Security, there were over 85 billion attacks in 2015, equivalent to 2000 attacks per second. The cost of data breaches continues to grow, year after year, and reached record levels in 2016. Juniper Research estimate that average costs will exceed $150M within three …
Read Article

RFC Hacking: How to Hack an SAP System in 3 Minutes

Posted on
RFC exploits are hardly new. In fact, some of the well-known exploits demonstrated below are addressed by SAP Notes dating back several years. However, the disturbing fact is that the measures required to harden SAP systems against such exploits are not universally applied. As a result, many installations continue to be vulnerable to relatively simple …
Read Article

Introducing the New Dashboard Framework for SAP Solution Manager

Posted on
Earlier this year, SAP announced the general availability of Focused Insights, an enhanced dashboard framework for SAP Solution Manager. The framework was previously only available to MaxAttention customers as part of MaxAttention Next Generation Add-On (MANGO) services but is now available for all SAP customers. The dashboards aggregate real-time and historical data collected by Solution …
Read Article

Securing Your Business: Security at SAP

Posted on
In an open letter addressed to SAP customers earlier this year, SAP CEO Bill McDermott acknowledges the “tremendous concern around information security” given the “relentless and multiplying” threat presented by increasingly sophisticated attackers. The letter introduces the SAP paper Securing Your Business that discusses security trends and outlines SAP’s response to cyber threats. According to …
Read Article

Cybercrime Projected to Reach $2 Trillion by 2019

Posted on
According to a recent study from Juniper Research, the worldwide cost of data breaches will exceed $2 trillion by 2019. This is equivalent to 2.2% of forecast global GDP and represents a four-fold increase upon data breach costs in 2015. The average cost of data breaches will also increase to $150 million or 25 times …
Read Article

SAP CSO Recommends Solution Manager for Security Monitoring

Posted on
SAP Chief Security Officer, Justin Somaini, opened the first of a series of five webcasts from the America’s SAP User Group (ASUG) on the topic of SAP security. The series is intended to present SAP’s response to the growing concern over cybersecurity by discussing: The IT threat landscape and SAP’s approach to strategic security; Best-practices to safeguard both …
Read Article

Detecting SAP Cyber Attacks with SAP Solution Manager

Posted on
Despite the $75 billion spent by organizations on security software in 2015, average times to detection for cyber attacks are an astounding 170 days (DBIR, 2016). Most attacks therefore go undetected for almost six months. An incident response strategy can address this gap by enabling organizations to proactively discover and contain security incidents that could …
Read Article

SAP Security Notes – August 2016

Posted on
Note 2319506 addresses a blind SQL injection vulnerability in Database Monitors for Oracle. The vulnerability impacts all versions of SAP Basis and rates extremely high on the impact scale using the common vulnerability scoring system. Content-based and time-based blind SQL injection is used by attackers to determine when input is interpreted as a SQL statement. …
Read Article