Threat Briefing: Unpacking the Impact of Vulnerabilities Affecting SAP P4

Threat Briefing

August 17, 2023


Over the past few months, SAP has released a number of Security Notes (patches) addressing a family of vulnerabilities discovered and reported by the Onapsis Research Labs. This family of vulnerabilities has CVSS scores ranging in criticality from 5.3 to 10. Most of these vulnerabilities are related to the SAP P4 protocol itself. And while chained vulnerabilities historically are not easily exploitable, they tend to be a favorite tactic for more sophisticated threat actors.

Pablo Artuso of Onapsis Research Labs is credited with discovering this large family of related, chainable vulnerabilities as “P4CHAINS.” In this presentation, Artuso will walk through a recap of his and Yvan Genuer’s Black Hat USA presentation, including:

  • What is P4CHAINS?
  • The potential impact of P4CHAINS
  • The vulnerability chain(s)
  • Elevated impact from chaining


Pablo Artuso

Lead Security Researcher at Onapsis

Ready to eliminate your SAP cyber security blindspot?

Let us show you how simple it can be to protect your business applications.