Thank You!
Thank you for contacting Layer Seven Security. We will respond to your request in 1-2 business days.
Here are some recently published articles speaking to securing your SAP systems.
SAP Security Notes, January 2022
Multiple Hot News notes were released in January as part of SAP’s continued efforts to patch solutions impacted by the critical Log4Shell vulnerability. This includes Process Orchestration (note 3130521), Data Intelligence (3130920) and Business One (3131740). The central note 3131047 consolidates patches for the remote code execution vulnerability in the vulnerable Apache Log4j 2 component. …
Whitepaper: Securing SAP Solutions from Log4Shell
Log4JShell is one of the most dangerous security vulnerabilities in decades. It can be exploited remotely with minimal complexity and without authentication to execute arbitrary code that could lead to the complete compromise of vulnerable applications. Log4Shell impacts Log4J, a widely installed open-source Java logging utility. A dangerous zero-day remote code execution vulnerability in Log4J …
SAP Security Notes, December 2021
The central security note 3131047 consolidates Log4Shell patches for SAP products. Log4JShell is regarded as one of the most dangerous security vulnerabilities in decades. It can be exploited remotely with minimal complexity and without authentication to execute arbitrary code that could lead to the complete compromise of vulnerable applications. Log4Shell impacts Log4J, a widely installed …
Securing SAP Systems from Log4J Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) has designated the recent Log4J vulnerability as one of the most serious in decades and urged organizations to immediately address the vulnerability in applications. Log4j is an open-source logging framework maintained by the Apache Foundation. The framework includes the API Java Naming and Directory Interface (JNDI). Strings …
SAP Security Notes, November 2021
Hot news note 3089831 was updated for a SQL Injection vulnerability in SAP NZDT Mapping Table Framework. SAP NZDT (Near Zero Downtime Technology) is a service that supports system conversion with minimal downtime. The vulnerability could enable attackers to access backend databases by executing malicious queries or inject code through vulnerable NZDT function modules. The …
CISA Issues Directive for Actively Exploited SAP Vulnerabilities
The US Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 22-01 on November 3 to compel government departments and agencies to remediate specific vulnerabilities with known exploits. According to CISA, the vulnerabilities pose a significant risk to information systems. This includes several vulnerabilities for SAP applications that must be remediated by May 3, …
SAP Security Notes, October 2021
Hot News note 3097887 patches a broken authorization check in SAP NetWeaver AS ABAP and ABAP Platform. The vulnerability could be exploited by attackers with developer or administrator rights to transfer malicious code to vulnerable systems. This can be performed via a LEAVE PROGRAM statement in a specific report within the software logistics system. Note …
Security Monitoring with Focused Insights for SAP Solution Manager
Focused Insights is an advanced dashboard framework that was previously available only for MaxAttention customers as part of the MaxAttention Next Generation Add-On (MANGO) but is now available for all SAP customers. Focused Insights can now be installed in SAP Solution Manager 7.2 without any additional SAP licensing or user and usage restrictions. Focused Insights …
SAP Security Notes, September 2021
Hot news note 3078609 patches a missing authorization check in the JMS Connector Service of SAP NetWeaver Application Server for Java. The vulnerability could be exploited to execute arbitrary code in the system remotely and without authentication. Hence, the note carries the maximum CVSS score of 10/10. A fix is included in the note but …
SAP Security Notes, August 2021
Hot news note 3072955 patches a Server Side Request Forgery (SSRF) vulnerability in the Component Build Service of SAP NetWeaver Development Infrastructure (NWDI). The Component Build Service includes a vulnerable servlet that could be targeted to perform proxy attacks. The vulnerability has a CVSS score of 9.9/10 for NWDI installations exposed to the internet. The …
Securing the SYSTEM User in SAP HANA
The SYSTEM user is the most powerful database user in SAP HANA with system-wide privileges including permissions to create and maintain other users, perform system changes, stop and start services, and create and drop databases and tables. The user is created during the initial setup of SAP HANA. Once the system is setup, the SYSTEM …
SAP Security Notes, July 2021
Hot News Note 3007182 contains updated corrections for a broken authentication vulnerability in the SAP NetWeaver AS ABAP and ABAP Platform. The corrections improve the ability to distinguish between internal and external RFC and HTTP connections. This protects against external threat actors using credentials for internal communications. Note 3007182 includes kernel patches for multiple kernel …
License Auditing with SAP Solution Manager
SAP uses a variety of licensing models for its solutions including perpetual licenses, subscription licenses, and consumption-based term licenses. For perpetual licenses, usage rights for SAP software are restricted to a specific number of SAP Named Users. The number of Named Users is a key component of pricing metrics for such licenses. Compliance is an …
SAP Security Notes, June 2021
Hot News note 3040210 patches a critical remote code execution vulnerability in Source Rules of SAP Commerce. The vulnerability affects both on-premise installations of SAP Commerce and SAP Commerce Cloud in the Public Cloud. SAP Commerce Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to …
Securing Software Supply Chains for SAP Systems
Software supply chain attacks are advanced cyberattacks that target information systems through third party software. Threat actors compromise systems and data by exploiting software builds or interfaces for trusted software. This enables attackers to introduce malware without detection including backdoors. The recent software supply chain attack experienced by SolarWinds is widely regarded as one of …
Webinar Playback: Protecting SAP Systems from Ransomware Attacks
Ransomware is headline news, and recent attacks have demonstrated the devastating impact of attacks that target critical infrastructure. According to the Department of Homeland Security ransomware attacks have increased by 300% over the past year, impacting all industries and sectors. The average downtime from an attack is 21 days, but full recovery takes an average …
SAP Security Notes, May 2021
Note 3046610 patches a high priority code injection vulnerability in SAP NetWeaver Application Server ABAP (AS ABAP). Program RDDPUTJR may be executed by attackers to inject malicious code. The note replaces the code of the report with an exit statement. The program can be deleted by the support packages included in the note. Access to …
Protecting SAP Systems from Ransomware
The recent attack at Colonial Pipeline has demonstrated the devastating impact of ransomware on critical infrastructure. According to the Department of Homeland Security, ransomware attacks have increased by 300% over the past year, impacting all industries and sectors. The average downtime from an attack is 21 days. Full recovery takes an average of 287 days. …
SAP Security Notes, April 2021
Hot news note 2999854 was updated in April for a critical code injection vulnerability in SAP Business Warehouse and SAP BW/4HANA. BW and BW/4HANA allow a low privileged attacker to inject malicious code using a remote enabled function module over the network. Due to a lack of input validation, users granted RFC access to execute …
Cybersecurity Extension for SAP Identifies Signatures of Active SAP Cyberattacks
Earlier this month, SAP issued a joint report with a security research firm to highlight active cyber threats targeting SAP applications. According to the report, there is conclusive evidence that attackers are actively targeting and exploiting unsecured SAP applications. The report also reveals that some SAP vulnerabilities are being weaponized in less than 72 hours …
SAP Security Notes, March 2021
Hot news note 3022622 patches a critical code injection vulnerability in SAP Manufacturing Integration and Intelligence (MII). SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). Attackers can target this feature to inject malicious JSP code that include OS commands. The code and commands are …
Securing Linux Platforms for SAP HANA and S/4HANA
SUSE Linux Enterprise Server (SLES) is the leading operating system for SAP HANA and SAP S/4HANA solutions, supporting 85 percent of HANA deployments worldwide. SLES for SAP Applications is optimized to support high availability and persistent memory and endorsed by SAP. Securing operating systems is a critical component of SAP system hardening. Vulnerable hosts can …
SAP Security Notes, February 2021
Hot News note 3014121 patches a critical remote code execution vulnerability in SAP Commerce. The Backoffice application in SAP Commerce enables certain users with required privileges to edit drools rules. An authenticated attacker with this privilege is able to inject malicious code in the drools rules, enabling the attacker to compromise the SAP host. This …
Layer Seven Security’s Cybersecurity Extension for SAP® Solutions Achieves SAP® Certification as Integrated with SAP NetWeaver®
Toronto, Canada – March 8, 2021 – Layer Seven Security today announced its Cybersecurity Extension v3.4 for SAP® Solutions has achieved SAP®-certified integration with the SAP NetWeaver® technology platform. The solution has been proven to integrate with SAP solutions, providing automated vulnerability management, threat detection and incident response for SAP applications and infrastructure. “We are delighted to …