SAP vulnerabilities

SAP Patch Day for September 2022 includes 16 new and updated Security Notes (including the notes that were released or updated since last Patch Tuesday).

CTO JP Perez-Etchegoyen answers six questions around recent SAP application exploitation activity and shares tips for SAP security and next steps organizations can take to protect their critical systems.

The Onapsis Research Labs detected active exploitation activity related to three vulnerabilities that were already patched by SAP.

Now is the time to secure your business-critical SAP applications.

Onapsis Research Labs discovered a set of extremely critical vulnerabilities affecting SAP applications actively using the SAP Internet Communication Manager (ICM) component. This discovery requires immediate attention by most SAP customers.

During our recent webinar covering our threat report, we received a lot of great questions from attendees. In this post, we are going to address some of the questions that were asked in the live session.

One of the most common tasks an SAP Basis administrator must do is confirm their SAP systems are not missing SAP Security Notes to ensure their systems are not exposed to known vulnerabilities.

During the SAP system lifecycle (installation, upgrade, maintenance), Basis Administrators must validate that system security setting, logging and parameters are configured correctly. This can be an extremely time-consuming task as the SAP landscape is not static; new configurations, programs, clients, instances and systems are constantly being added, all while system and client refreshes are occurring and impacting system settings. 

Today, SAP released its monthly patch updates with several fixes, including 22 new SAP Security Notes, 4 HotNews Notes and 5 High Priority Notes.

Our research team recently revealed a critical threat to SAP Netweaver - Join our upcoming webcast to learn more.