Thomas Fritsch has been working on SAP security research for over four years, after a longer career as an SAP expert. With a focus on vulnerabilities in SAP system configuration and SAP transport management, he is known as a publisher of various articles and a speaker at different SAP-related conferences. Prior to joining Onapsis, he worked for an SAP partner in Walldorf, where he designed and realized customer-centric solutions for SAP change and transport management.
This is part three of our blog series on the Dangers in SAP Transport Management. In part one, we gave an intro to SAP Transports. In part two, we went over the starting point of this attack, the transaction SU24. In this third installment, we’re focused on the manipulation of job management and its associated risks to SAP Transports.
SAP has released 18 new and updated SAP Security Notes in its March 2021 patch release, including the notes that were released since last patch day. As part of this month’s patch release, there are four HotNews notes and one High Priority note.
SAP has released 20 new and updated SAP Security Notes on February’s Patch Day, including the notes that were released since last Patch Day.
"60% of data breaches are caused by a failure to patch. If you correct that, you've eliminated 60% of breaches." Ricardo Lafosse, CISO of Morningstar, at SecureWorld Chicago.
The first article of this series spoke about the global deactivation of authorization checks for single authorization objects per transport. A similar risk results from the possibility of deactivating authorization checks for specific transactions. With this method, it is even more difficult to detect an attack, as the impact can be limited to one transaction.
SAP has published 19 new and updated Security Notes on its December Patch Day. This number includes five HotNews notes and two High Priority notes.
SAP Security Patch Day December 2020: Serious Vulnerability in SAP NetWeaver AS JAVA Requires Immediate Patching
SAP has published 14 new and updated Security Notes on its December Patch Day. This number includes four HotNews notes and two High Priority notes.