Thank You!

We have received your request for a demo of our software. We will contact you within 1-2 business days to schedule the demonstration.

While you wait for the demonstration, here are some recently published articles speaking to securing your SAP systems.

SAP Security Notes, September 2022

Posted on
Note 3237075 patches a high priority vulnerability in SAP GRC Access Control that could be exploited by attackers to access Firefighter sessions even after they are closed in the Firefighter Logon Pad. Firefighter IDs are dedicated user identities with elevated privileges that are activated when required and controlled through Emergency Access Management (EAM) in SAP …
Read Article SAP Security Notes, September 2022

Securing Custom SAPUI5 Applications using the Cybersecurity Extension for SAP

Posted on
SAPUI5 is the foundation of Fiori applications in SAP solutions such as SAP HANA and S/4HANA. It provides a HTML5 framework for developing flexible and user-friendly applications that perform consistently across all browsers, platforms, and devices, and integrate with ABAP programs using APIs such as OData services. The SAPUI5 library is based on the jQuery …
Read Article Securing Custom SAPUI5 Applications using the Cybersecurity Extension for SAP

SAP Security Notes, August 2022

Posted on
Note 3102769 was rereleased in August with updated solution information. The workaround detailed in the original note has been moved to the new note 3221696. The workaround provides steps for deactivating the SAP IKS component to address a high priority cross-site scripting (XSS) vulnerability in SAP Knowledge Warehouse. Note 3150454 was also updated to enforce …
Read Article SAP Security Notes, August 2022

SAP Security Notes, July 2022

Posted on
There were several high priority security notes released in July for multiple vulnerabilities in SAP Business One. Note 3212997 patches an information disclosure issue that arises during the integration between Business One and SAP HANA. The vulnerability can be exploited to access privileged account credentials through the HANA cockpit’s data volume. Customers can switch from …
Read Article SAP Security Notes, July 2022

SAP Security Notes, June 2022

Posted on
Note 3158375 patches a high priority vulnerability in the SAProuter that can be exploited by attackers to execute administration commands from remote clients. The SAProuter is designed to accept administration commands from local clients only. However, this restriction can be bypassed in installations with specific entries in the saprouttab, the root permission table for the …
Read Article SAP Security Notes, June 2022

30 Percent of Security Notes in System Recommendations are False Positives

Posted on
System Recommendations (SysRec) in SAP Solution Manager automatically calculates relevant security notes for SAP systems based on the available software and application components in each system. It provides a cross-system view for required notes using a customizable, user-friendly interface. The use of SysRec is recommended by SAP for the lifecycle management of notes. It connects …
Read Article 30 Percent of Security Notes in System Recommendations are False Positives

SAP Security Notes, May 2022

Posted on
Hot news note 3165801 patches a critical missing authorization check in SAP NetWeaver Application Server ABAP. The notes introduces an authorization check for object S_OC_SEND to prevent the transmission of the contents of ABAP list output from the System Menu via e-mail. The note impacts all versions of SAP_BASIS from 700 to 788. Notes 2756188 …
Read Article SAP Security Notes, May 2022

Security Analytics with SAP Focused Run

Posted on
SAP Focused Run delivers real-time application monitoring, alerting and analytics for large-scale SAP landscapes and hosting providers that need to monitor customer SAP installations from a central platform. It leverages the power of SAP HANA to support centralized monitoring for thousands of systems in high-volume environments. Focused Run is intended to complement SAP Solution Manager …
Read Article Security Analytics with SAP Focused Run

SAP Security Notes, April 2022

Posted on
The central note 3170990 consolidates security notes for the critical Spring4Shell vulnerability. Spring4Shell is addressed by CVE-2022-22965. This is related to a remote code execution vulnerability in the open-source Java Spring Framework. Successful exploitation requires Apache Tomcat for serving applications built as a WAR file. Notes 3189428, 3187290, 3189429, 3189635 and 3171258 patch Sping4Shell in …
Read Article SAP Security Notes, April 2022

Patch Your SAP Systems with SAP Solution Manager

Posted on
Regularly patching SAP systems is the single most important action you can take to secure business-critical SAP applications from cyber threats. Despite the concern surrounding zero-day vulnerabilities, every known SAP exploit targets existing vulnerabilities patched by SAP through security notes. In other words, there is no evidence of the exploitation of zero-day vulnerabilities for SAP …
Read Article Patch Your SAP Systems with SAP Solution Manager

SAP Security Notes, March 2022

Posted on
Note 3123396 patches SAP NetWeaver Application Server ABAP and the Web Dispatcher for CVE-2022-22536. This is related to the ICMAD (Internet Communication Manager Advanced Desync) vulnerability that was the subject of alerts from multiple threat intelligence agencies including CISA and CERT-EU. ICMAD is a memory corruption vulnerability that can be exploited through a single HTTP …
Read Article SAP Security Notes, March 2022

Monitoring SuccessFactors with SAP Solution Manager

Posted on
SuccessFactors is a cloud SaaS solution from SAP for Human Capital Management. It includes a suite of applications for core HR functions such as employee management, recruitment, and payroll.  It is often closely integrated with HCM functions in cloud or on-premise ERP systems using the Integration Add-On for SAP ERP HCM. The integration can be …
Read Article Monitoring SuccessFactors with SAP Solution Manager

SAP Security Notes, February 2022

Posted on
The central note 3131047 was updated with the addition of security notes 3142773 and 3139893 for the critical remote code execution vulnerability in the Apache Log4J 2 component. The new notes patch Log4Shell in SAP Commerce and SAP Dynamic Authorization Management and include manual procedures to apply both patches and workarounds. Note 3140940 patches a …
Read Article SAP Security Notes, February 2022

CISA, FBI Warn Organizations to Protect Against State-Sponsored Malware

Posted on
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint statement to advise organizations to prepare for increased cyber activity in the wake of the Russian invasion of Ukraine. According to the advisory, there is a risk that Russian cyber attacks will spread to government and business networks …
Read Article CISA, FBI Warn Organizations to Protect Against State-Sponsored Malware

Security Advisory for Critical SAP ICMAD Vulnerabilities

Posted on
International threat intelligence agencies including the U.S Cybersecurity & Infrastructure Security Agency (CISA) and the Computer Emergency Response Team for the EU (CERT-EU) issued security advisories last week for critical vulnerabilities in the SAP Internet Communication Manager (ICM). The ICM supports inbound and outbound communication with SAP systems using the HTTP(S) protocol. It is a …
Read Article Security Advisory for Critical SAP ICMAD Vulnerabilities

SAP Security Notes, January 2022

Posted on
Multiple Hot News notes were released in January as part of SAP’s continued efforts to patch solutions impacted by the critical Log4Shell vulnerability. This includes Process Orchestration (note 3130521), Data Intelligence (3130920) and Business One (3131740). The central note 3131047 consolidates patches for the remote code execution vulnerability in the vulnerable Apache Log4j 2 component. …
Read Article SAP Security Notes, January 2022

Whitepaper: Securing SAP Solutions from Log4Shell

Posted on
Log4JShell is one of the most dangerous security vulnerabilities in decades. It can be exploited remotely with minimal complexity and without authentication to execute arbitrary code that could lead to the complete compromise of vulnerable applications. Log4Shell impacts Log4J, a widely installed open-source Java logging utility. A dangerous zero-day remote code execution vulnerability in Log4J …
Read Article Whitepaper: Securing SAP Solutions from Log4Shell

SAP Security Notes, December 2021

Posted on
The central security note 3131047 consolidates Log4Shell patches for SAP products. Log4JShell is regarded as one of the most dangerous security vulnerabilities in decades. It can be exploited remotely with minimal complexity and without authentication to execute arbitrary code that could lead to the complete compromise of vulnerable applications. Log4Shell impacts Log4J, a widely installed …
Read Article SAP Security Notes, December 2021

Securing SAP Systems from Log4J Exploits

Posted on
The Cybersecurity and Infrastructure Security Agency (CISA) has designated the recent Log4J vulnerability as one of the most serious in decades and urged organizations to immediately address the vulnerability in applications.   Log4j is an open-source logging framework maintained by the Apache Foundation. The framework includes the API Java Naming and Directory Interface (JNDI). Strings …
Read Article Securing SAP Systems from Log4J Exploits

SAP Security Notes, November 2021

Posted on
Hot news note 3089831 was updated for a SQL Injection vulnerability in SAP NZDT Mapping Table Framework. SAP NZDT (Near Zero Downtime Technology) is a service that supports system conversion with minimal downtime. The vulnerability could enable attackers to access backend databases by executing malicious queries or inject code through vulnerable NZDT function modules. The …
Read Article SAP Security Notes, November 2021

CISA Issues Directive for Actively Exploited SAP Vulnerabilities

Posted on
The US Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 22-01 on November 3 to compel government departments and agencies to remediate specific vulnerabilities with known exploits. According to CISA, the vulnerabilities pose a significant risk to information systems. This includes several vulnerabilities for SAP applications that must be remediated by May 3, …
Read Article CISA Issues Directive for Actively Exploited SAP Vulnerabilities

SAP Security Notes, October 2021

Posted on
Hot News note 3097887 patches a broken authorization check in SAP NetWeaver AS ABAP and ABAP Platform. The vulnerability could be exploited by attackers with developer or administrator rights to transfer malicious code to vulnerable systems. This can be performed via a LEAVE PROGRAM statement in a specific report within the software logistics system. Note …
Read Article SAP Security Notes, October 2021

Security Monitoring with Focused Insights for SAP Solution Manager

Posted on
Focused Insights is an advanced dashboard framework that was previously available only for MaxAttention customers as part of the MaxAttention Next Generation Add-On (MANGO) but is now available for all SAP customers. Focused Insights can now be installed in SAP Solution Manager 7.2 without any additional SAP licensing or user and usage restrictions. Focused Insights …
Read Article Security Monitoring with Focused Insights for SAP Solution Manager