Thomas Fritsch has been working on SAP security research for over four years, after a longer career as an SAP expert. With a focus on vulnerabilities in SAP system configuration and SAP transport management, he is known as a publisher of various articles and a speaker at different SAP-related conferences. Prior to joining Onapsis, he worked for an SAP partner in Walldorf where he designed and realized customer-centric solutions for SAP change and transport management.
This blog discusses technical considerations in SAP Change and Transport Systems to adhere to audit requirements.
SAP has published 11 new and updated Security Notes on its August Patch Day. SAP has patched three Information Disclosure vulnerabilities in SAP BusinessObjects (BO) which affect different components of the application.
The Table Change Logging feature in SAP provides options to track changes to individual tables and simple customized objects. Learn more about The Onapsis Platform for SAP security and how we're supporting SAP customers in monitoring all important aspects of Table Change Logging.
SAP has released 27 new and updated SAP Security Notes in its July 2022 patch release. Three primary areas are affected by today’s SAP Security Notes, so Onapsis Research Labs recommends reviewing all details below before implementing the corresponding patches.
Protecting critical data from interconnected risk was SAP’s main motivation for introducing Read Access Logging (RAL). Learn how to use RAL to detect and analyze fraud or data theft to ensure SAP security.
There is no function module discussed more frequently in the SAP community than the function module RFC_READ_TABLE. This blog discusses the new options within RFC_READ_TABLE and the security aspects of the function module.
SAP Security Patch Day May 2022: Spring4Shell Vulnerability Has Been Patched in Six SAP Applications
SAP has released 17 new and updated SAP Security Notes in its May 2022 patch release, including the notes that were released since last patch day. As part of this month’s patch release, there are four HotNews notes and two High Priority notes.
SAP’s April Patch Tuesday requires special attention. The Spring4Shell vulnerability, CVE-2022-22965, was recently detected and has been successfully exploited, as noted by researchers. Onapsis Research Labs contributed to patching a serious vulnerability in SAP MII that could lead to a full compromise of the server hosting the application.
SAP has published 17 new and updated Security Notes on its March Patch Day. The most critical patch is for SAP Focused Run, with a CVSS 9.3 vulnerability which can lead to full compromise of the affected systems.