Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

SAP Security Notes, May 2020

Posted on
Hot News Note 2835979 patches a critical code injection vulnerability in Service Data Download. The vulnerability can be exploited by attackers to inject malicious code into the ST-PI plugin for NetWeaver Application Server ABAP (AS ABAP). This could lead to the complete compromise of ABAP servers.  The vulnerability carries a base CVSS score of 9.9/10 …
Read Article SAP Security Notes, May 2020

Visualize Security Risks for SAP Systems with Threat Maps

Posted on
Threat Maps in SAP Solution Manager visualize security vulnerabilities, missing patches and open alerts for SAP systems across geolocations. They provide a fast and intuitive way to display and interact with security information for SAP landscapes that span multiple cities, countries, or regions. System data is maintained in the Landscape Management Database (LMDB) of SAP …
Read Article Visualize Security Risks for SAP Systems with Threat Maps

SAP Security Notes, April 2020

Posted on
Hot news note 2863731 provides updated correction instructions for a critical deserialization vulnerability in the enterprise Business Objects platform. The Crystal Reports .Net SDK WebForm Viewer in Business Objects could enable attackers with basic authorization to execute deserialization attacks. This could be exploited to perform malicious code execution. Note 2904480 patches a significant input validation …
Read Article SAP Security Notes, April 2020

Automating SAP Audits with Solution Manager

Posted on
According to IDC, 80% of ERP applications are audited at least once every 12 months. Driven by regulatory requirements, audits can drain valuable resources from projects targeted at business growth. They can also lead to audit fatigue and undermine relationships between IT and audit stakeholders. Compliance Reporting in SAP Solution Manager enables organizations to automate …
Read Article Automating SAP Audits with Solution Manager

Layer Seven Security Recognized as Top 25 Cyber Security Company

Posted on
Layer Seven Security has been selected by a panel of experts and members of the CIO Applications editorial board for inclusion in the Top 25 Cyber Security Companies for 2020. The annual list is compiled by CIO Applications to recognize and promote organizations that provide cutting-edge cybersecurity solutions. CIO Applications is a Silicon Valley industry …
Read Article Layer Seven Security Recognized as Top 25 Cyber Security Company

SAP Security Notes, March 2020

Posted on
Hot News note 2845377 patches a missing authentication check in the Diagnostics Agent. The Agent is a component of the Solution Manager landscape. It commonly connects to the Java server in Solution Manager through the J2EE Message Server HTTP port. This is recommended by SAP. However, it can also connect to Solution Manager using a …
Read Article SAP Security Notes, March 2020

Security Forensics with SAP Solution Manager

Posted on
Security Forensics in SAP Solution Manager supports centralized log monitoring for SAP landscapes. The Fiori application from Layer Seven Security enables users to analyze incidents across multiple logs and systems directly from Solution Manager, helping organizations to detect and respond to security breaches. It also protects against anti-forensics.  Since event logs are replicated to a …
Read Article Security Forensics with SAP Solution Manager

SAP Security Notes, February 2020

Posted on
Note 2841053 patches a high risk Denial of Service (DOS) Vulnerability in the SAP Host Agent. Username/password-based authentication requests for the SAP Host Agent are delegated to operating systems or LDAP, Active Directory and other authentication platforms. Operating systems and authentication platforms often include mechanisms to limit parallel logon requests in order to protect against …
Read Article SAP Security Notes, February 2020

Webinar Playback: SIEM Integration for SAP

Posted on
Security Information and Event Management (SIEM) systems support centralized security monitoring across networks. They ingest and analyze data from hosts, routers, switches, firewalls and other components to identify and respond to security threats. SIEM systems can ingest data directly from SAP application logs. However, direct integration is complex and laborious. It also requires high maintenance …
Read Article Webinar Playback: SIEM Integration for SAP

Prevent Configuration Drift with SAP Solution Manager

Posted on
Maintaining system security in dynamic SAP environments is a constant challenge. New users are added every day. Permissions for existing users are constantly updated to keep up with changing requirements. Software updates, transports and other changes introduce new components or developments and often necessitate changes to system settings. With each change, even hardened systems can …
Read Article Prevent Configuration Drift with SAP Solution Manager

SAP Security Notes, January 2020

Posted on
Note 2822074 patches a missing authorization check in the Business Object Repository (BOR) of SAP NetWeaver Application Server ABAP. The note introduces the switchable authorization check objects S_BOR_RFC and S_BOR_PRX to supplement the generic S_RFC authorization. The new objects should be activated using transaction SACF to secure remote access to BOR. Note 2844646 is a …
Read Article SAP Security Notes, January 2020

Whitepaper: SIEM Integration for SAP

Posted on
Download the new whitepaper for SAP-SIEM integration from Layer Seven Security. The whitepaper outlines recommended settings for the Security Audit Log, HANA audit log, and other logs to support advanced threat detection. It discusses the challenges of direct integration of SAP logs with SIEM systems in terms of complexity, log volume, maintenance, and event correlation. …
Read Article Whitepaper: SIEM Integration for SAP

SAP Security Notes, December 2019

Posted on
Note 2871877 patches multiple high priority vulnerabilities in Maintenance, Repair, and Overhaul (MRO) Workbenches in SAP Enterprise Asset Management (EAM). This includes missing authorizations checks for authenticated users that could lead to an escalation of privileges, and directory traversal caused by insufficient path validation. The latter vulnerability could enable attackers to read, overwrite, delete, or …
Read Article SAP Security Notes, December 2019

Season’s Greetings

Posted on
2019 was a stellar year. In case you missed them, check out the enhancements we rolled out during the year >  CVA – SolMan Integration – Monitor vulnerabilities in your custom programs using SAP Code Vulnerability Analyzer and SAP Solution Manager >  Fiori Reports & Dashboards – Manage vulnerabilities and threats directly from the SAP Fiori …
Read Article Season’s Greetings

SAP Security Notes, November 2019

Posted on
Hot News Note 2839864 updates Note 2808158 for a high risk OS Command Injection vulnerability in the SAP Diagnostics Agent. The vulnerability exists within the OS Command Plugin of the Agent, accessible through transaction GPA_ADMIN and the OS Command Console. Note 2839864 provides a patch for the LM_SERVICE for Support Pack levels 6-9 of the …
Read Article SAP Security Notes, November 2019

SIEM Integration with SAP Solution Manager

Posted on
Security Information and Event Management (SIEM) platforms combine the ability to collect log data from applications, hosts, routers, switches, firewalls and other endpoints with the ability to analyze events in real time. They support threat detection, event correlation and incident response with alerting and reporting capabilities. SIEM platforms require complete coverage for maximum yield. In …
Read Article SIEM Integration with SAP Solution Manager

SAP Security Notes, October 2019

Posted on
Hot News Note 2828682 patches a vulnerability in SAP Landscape Management Enterprise that could lead to the disclosure of critical information. Although the notes carries a CVSS score of 9.1/10, the vulnerability addressed by the note can only be executed under specific, uncommon conditions. In addition to implementing SAP Landscape Management 3.0 SP12 Patch 02, …
Read Article SAP Security Notes, October 2019

64% of ERP Systems Have Experienced Security Breaches Between 2017-19

Posted on
According to the findings of a recent independent survey of 430 IT decision makers, 64 percent of ERP deployments have experienced security breaches in the past 24 months. The findings are published in the report ERP Security: The Reality of Business Application Protection. In the words of the IDC, “ERP applications such as SAP can …
Read Article 64% of ERP Systems Have Experienced Security Breaches Between 2017-19

SAP Security Notes, September 2019

Posted on
Hot News Note 2798336 patches a critical code injection vulnerability in NetWeaver Application Server for Java (AS Java). A program error in the Web Container of AS Java could enable attackers to bypass input validation and execute dynamic content such as malicious code. The note includes updates for the J2EE Engine and API components. Note …
Read Article SAP Security Notes, September 2019

SAP Vulnerability Assessment vs Penetration Testing

Posted on
Vulnerability assessment and penetration testing both serve important functions for protecting business applications against security threats. The approaches are complementary but should be deployed sequentially. Penetration testing against systems and applications that have not been hardened based on the results of vulnerability assessments is inadvisable since the results are predictable.  The objective of penetration testing …
Read Article SAP Vulnerability Assessment vs Penetration Testing

SAP Security Notes, August 2019

Posted on
Hot News Note 2800779 patches a remote code execution vulnerability in the SAP NetWeaver UDDI Server. The vulnerability carries a CVSS score of 9.9/10 and could be exploited to take complete control of the Services Registry, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the …
Read Article SAP Security Notes, August 2019