Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

SAP Security Notes, January 2022

Posted on
Multiple Hot News notes were released in January as part of SAP’s continued efforts to patch solutions impacted by the critical Log4Shell vulnerability. This includes Process Orchestration (note 3130521), Data Intelligence (3130920) and Business One (3131740). The central note 3131047 consolidates patches for the remote code execution vulnerability in the vulnerable Apache Log4j 2 component. …
Read Article SAP Security Notes, January 2022

Whitepaper: Securing SAP Solutions from Log4Shell

Posted on
Log4JShell is one of the most dangerous security vulnerabilities in decades. It can be exploited remotely with minimal complexity and without authentication to execute arbitrary code that could lead to the complete compromise of vulnerable applications. Log4Shell impacts Log4J, a widely installed open-source Java logging utility. A dangerous zero-day remote code execution vulnerability in Log4J …
Read Article Whitepaper: Securing SAP Solutions from Log4Shell

SAP Security Notes, December 2021

Posted on
The central security note 3131047 consolidates Log4Shell patches for SAP products. Log4JShell is regarded as one of the most dangerous security vulnerabilities in decades. It can be exploited remotely with minimal complexity and without authentication to execute arbitrary code that could lead to the complete compromise of vulnerable applications. Log4Shell impacts Log4J, a widely installed …
Read Article SAP Security Notes, December 2021

Securing SAP Systems from Log4J Exploits

Posted on
The Cybersecurity and Infrastructure Security Agency (CISA) has designated the recent Log4J vulnerability as one of the most serious in decades and urged organizations to immediately address the vulnerability in applications.   Log4j is an open-source logging framework maintained by the Apache Foundation. The framework includes the API Java Naming and Directory Interface (JNDI). Strings …
Read Article Securing SAP Systems from Log4J Exploits

SAP Security Notes, November 2021

Posted on
Hot news note 3089831 was updated for a SQL Injection vulnerability in SAP NZDT Mapping Table Framework. SAP NZDT (Near Zero Downtime Technology) is a service that supports system conversion with minimal downtime. The vulnerability could enable attackers to access backend databases by executing malicious queries or inject code through vulnerable NZDT function modules. The …
Read Article SAP Security Notes, November 2021

CISA Issues Directive for Actively Exploited SAP Vulnerabilities

Posted on
The US Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 22-01 on November 3 to compel government departments and agencies to remediate specific vulnerabilities with known exploits. According to CISA, the vulnerabilities pose a significant risk to information systems. This includes several vulnerabilities for SAP applications that must be remediated by May 3, …
Read Article CISA Issues Directive for Actively Exploited SAP Vulnerabilities

SAP Security Notes, October 2021

Posted on
Hot News note 3097887 patches a broken authorization check in SAP NetWeaver AS ABAP and ABAP Platform. The vulnerability could be exploited by attackers with developer or administrator rights to transfer malicious code to vulnerable systems. This can be performed via a LEAVE PROGRAM statement in a specific report within the software logistics system. Note …
Read Article SAP Security Notes, October 2021

Security Monitoring with Focused Insights for SAP Solution Manager

Posted on
Focused Insights is an advanced dashboard framework that was previously available only for MaxAttention customers as part of the MaxAttention Next Generation Add-On (MANGO) but is now available for all SAP customers. Focused Insights can now be installed in SAP Solution Manager 7.2 without any additional SAP licensing or user and usage restrictions. Focused Insights …
Read Article Security Monitoring with Focused Insights for SAP Solution Manager

SAP Security Notes, September 2021

Posted on
Hot news note 3078609 patches a missing authorization check in the JMS Connector Service of SAP NetWeaver Application Server for Java. The vulnerability could be exploited to execute arbitrary code in the system remotely and without authentication. Hence, the note carries the maximum CVSS score of 10/10. A fix is included in the note but …
Read Article SAP Security Notes, September 2021

SAP Security Notes, August 2021

Posted on
Hot news note 3072955 patches a Server Side Request Forgery (SSRF) vulnerability in the Component Build Service of SAP NetWeaver Development Infrastructure (NWDI). The Component Build Service includes a vulnerable servlet that could be targeted to perform proxy attacks. The vulnerability has a CVSS score of 9.9/10 for NWDI installations exposed to the internet. The …
Read Article SAP Security Notes, August 2021

SAP Security Notes, July 2021

Posted on
Hot News Note 3007182 contains updated corrections for a broken authentication vulnerability in the SAP NetWeaver AS ABAP and ABAP Platform. The corrections improve the ability to distinguish between internal and external RFC and HTTP connections. This protects against external threat actors using credentials for internal communications.  Note 3007182 includes kernel patches for multiple kernel …
Read Article SAP Security Notes, July 2021

SAP Security Notes, June 2021

Posted on
Hot News note 3040210 patches a critical remote code execution vulnerability in Source Rules of SAP Commerce. The vulnerability affects both on-premise installations of SAP Commerce and SAP Commerce Cloud in the Public Cloud. SAP Commerce Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to …
Read Article SAP Security Notes, June 2021

Securing Software Supply Chains for SAP Systems

Posted on
Software supply chain attacks are advanced cyberattacks that target information systems through third party software. Threat actors compromise systems and data by exploiting software builds or interfaces for trusted software. This enables attackers to introduce malware without detection including backdoors. The recent software supply chain attack experienced by SolarWinds is widely regarded as one of …
Read Article Securing Software Supply Chains for SAP Systems

Webinar Playback: Protecting SAP Systems from Ransomware Attacks

Posted on
Ransomware is headline news, and recent attacks have demonstrated the devastating impact of attacks that target critical infrastructure. According to the Department of Homeland Security ransomware attacks have increased by 300% over the past year, impacting all industries and sectors. The average downtime from an attack is 21 days, but full recovery takes an average …
Read Article Webinar Playback: Protecting SAP Systems from Ransomware Attacks

SAP Security Notes, May 2021

Posted on
Note 3046610 patches a high priority code injection vulnerability in SAP NetWeaver Application Server ABAP (AS ABAP). Program RDDPUTJR may be executed by attackers to inject malicious code.  The note replaces the code of the report with an exit statement. The program can be deleted by the support packages included in the note.  Access to …
Read Article SAP Security Notes, May 2021

SAP Security Notes, April 2021

Posted on
Hot news note 2999854 was updated in April for a critical code injection vulnerability in SAP Business Warehouse and SAP BW/4HANA. BW and BW/4HANA allow a low privileged attacker to inject malicious code using a remote enabled function module over the network. Due to a lack of input validation, users granted RFC access to execute …
Read Article SAP Security Notes, April 2021

Cybersecurity Extension for SAP Identifies Signatures of Active SAP Cyberattacks

Posted on
Earlier this month, SAP issued a joint report with a security research firm to highlight active cyber threats targeting SAP applications. According to the report, there is conclusive evidence that attackers are actively targeting and exploiting unsecured SAP applications. The report also reveals that some SAP vulnerabilities are being weaponized in less than 72 hours …
Read Article Cybersecurity Extension for SAP Identifies Signatures of Active SAP Cyberattacks

SAP Security Notes, March 2021

Posted on
Hot news note 3022622 patches a critical code injection vulnerability in SAP Manufacturing Integration and Intelligence (MII). SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). Attackers can target this feature to inject malicious JSP code that include OS commands. The code and commands are …
Read Article SAP Security Notes, March 2021

Securing Linux Platforms for SAP HANA and S/4HANA

Posted on
SUSE Linux Enterprise Server (SLES) is the leading operating system for SAP HANA and SAP S/4HANA solutions, supporting 85 percent of HANA deployments worldwide. SLES for SAP Applications is optimized to support high availability and persistent memory and endorsed by SAP. Securing operating systems is a critical component of SAP system hardening. Vulnerable hosts can …
Read Article Securing Linux Platforms for SAP HANA and S/4HANA

SAP Security Notes, February 2021

Posted on
Hot News note 3014121 patches a critical remote code execution vulnerability in SAP Commerce. The Backoffice application in SAP Commerce enables certain users with required privileges to edit drools rules. An authenticated attacker with this privilege is able to inject malicious code in the drools rules, enabling the attacker to compromise the SAP host. This …
Read Article SAP Security Notes, February 2021

Layer Seven Security’s Cybersecurity Extension for SAP® Solutions Achieves SAP® Certification as Integrated with SAP NetWeaver®

Posted on
Toronto, Canada – March 8, 2021 – Layer Seven Security today announced its Cybersecurity Extension v3.4 for SAP® Solutions has achieved SAP®-certified integration with the SAP NetWeaver® technology platform.  The solution has been proven to integrate with SAP solutions, providing automated vulnerability management, threat detection and incident response for SAP applications and infrastructure. “We are delighted to …
Read Article Layer Seven Security’s Cybersecurity Extension for SAP® Solutions Achieves SAP® Certification as Integrated with SAP NetWeaver®