Thomas Fritsch
As a key SAP security researcher at Onapsis, Thomas Fritsch is a trusted authority on vulnerability management and emerging threats. Leveraging his extensive career as an SAP expert, he focuses on deeply technical areas like SAP system configuration and transport management. Thomas’s analysis of the latest SAP security patches and vulnerabilities is a core component of the research that provides the in-depth, actionable intelligence organizations need to protect their systems. His role as a respected speaker and publisher further establishes him as a definitive voice in the SAP cybersecurity space, helping to bridge the gap between complex research and real-world security practices.
SAP Security Patch Day August 2022: A Calm Patch Day With SAP BusinessObjects in Focus
SAP has published 11 new and updated Security Notes on its August Patch Day. SAP has patched three Information Disclosure vulnerabilities in SAP BusinessObjects (BO) which affect different components of the application.
The Value of Table Change Logging For SAP Customizing Data
The Table Change Logging feature in SAP provides options to track changes to individual tables and simple customized objects. Learn more about The Onapsis Platform for SAP security and how we’re supporting SAP customers in monitoring all important aspects of Table Change Logging.
SAP Security Patch Day July 2022: Three Applications in Focus
SAP has released 27 new and updated SAP Security Notes in its July 2022 patch release. Three primary areas are affected by today’s SAP Security Notes, so Onapsis Research Labs recommends reviewing all details below before implementing the corresponding patches.
I Know What You Read Last Summer: How SAP Read Access Logging Can Help Identify Data Theft
Protecting critical data from interconnected risk was SAP’s main motivation for introducing Read Access Logging (RAL). Learn how to use RAL to detect and analyze fraud or data theft to ensure SAP security.
SAP RFC Read Table: Accessing Arbitrary Tables in SAP
There is no function module discussed more frequently in the SAP community than the function module RFC_READ_TABLE. This blog discusses the new options within RFC_READ_TABLE and the security aspects of the function module.
SAP Security Patch Day May 2022: Spring4Shell Vulnerability Has Been Patched in Six SAP Applications
SAP has released 17 new and updated SAP Security Notes in its May 2022 patch release, including the notes that were released since last patch day. As part of this month’s patch release, there are four HotNews notes and two High Priority notes.
SAP Security Patch Day April 2022: In Focus: Spring4Shell and SAP MII
SAP’s April Patch Tuesday requires special attention. The Spring4Shell vulnerability, CVE-2022-22965, was recently detected and has been successfully exploited, as noted by researchers. Onapsis Research Labs contributed to a serious vulnerability in SAP MII that could lead to a full compromise of the server in patching hosting the application.
SAP Security Patch Day March 2022: SAP Focused Run Affected by Several Vulnerabilities
SAP has published 17 new and updated Security Notes on its March Patch Day. The most critical patch is for SAP Focused Run, with a CVSS 9.3 vulnerability which can lead to full compromise of the affected systems.
SAP Security Patch Day February 2022: Severe HTTP Smuggling Vulnerabilities in SAP NetWeaver
SAP’s February Patch Tuesday brings new extremely critical vulnerabilities in all SAP applications that are based on SAP NetWeaver. SAP, CISA, and Onapsis strongly advise all impacted organizations to prioritize patching these affected systems as soon as possible.