Skip to content

Cybersecurity Extension for SAP
Services
Success Stories
Resources
Contact Us

Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

EXECUTIVE SUMMARY

Leading the Conversation in SAP Cybersecurity

Our blog is the premier resource for CISOs and SAP security and Basis specialists seeking deep technical insights into the SAP threat landscape. Our research team provides expert analysis on emerging attack vectors targeting S/4HANA, SAP RISE, and SAP BTP, as well as practical guidance on meeting global compliance standards such as NIS2 and SOX. By translating complex vulnerability disclosures into actionable defense strategies, we empower the global SAP community to harden their mission-critical environments and implement proactive monitoring frameworks that bridge the gap between SAP teams and security operations.

Recent Articles & Threat Intel

Search

Search

Securing Software Supply Chains for SAP Systems

Software supply chain attacks are advanced cyberattacks that target information systems through third party software. Threat actors compromise systems and data by exploiting software builds or interfaces for trusted software. This enables attackers to introduce malware without detection including backdoors. The recent software supply chain attack experienced by SolarWinds is widely regarded as one of

Webinar Playback: Protecting SAP Systems from Ransomware Attacks

Ransomware is headline news, and recent attacks have demonstrated the devastating impact of attacks that target critical infrastructure. According to the Department of Homeland Security ransomware attacks have increased by 300% over the past year, impacting all industries and sectors. The average downtime from an attack is 21 days, but full recovery takes an average

SAP Security Notes, May 2021

Note 3046610 patches a high priority code injection vulnerability in SAP NetWeaver Application Server ABAP (AS ABAP). Program RDDPUTJR may be executed by attackers to inject malicious code. The note replaces the code of the report with an exit statement. The program can be deleted by the support packages included in the note. Access to

Protecting SAP Systems from Ransomware

The recent attack at Colonial Pipeline has demonstrated the devastating impact of ransomware on critical infrastructure. According to the Department of Homeland Security, ransomware attacks have increased by 300% over the past year, impacting all industries and sectors. The average downtime from an attack is 21 days. Full recovery takes an average of 287 days.

SAP Security Notes, April 2021

Hot news note 2999854 was updated in April for a critical code injection vulnerability in SAP Business Warehouse and SAP BW/4HANA. BW and BW/4HANA allow a low privileged attacker to inject malicious code using a remote enabled function module over the network. Due to a lack of input validation, users granted RFC access to execute

Cybersecurity Extension for SAP Identifies Signatures of Active SAP Cyberattacks

Earlier this month, SAP issued a joint report with a security research firm to highlight active cyber threats targeting SAP applications. According to the report, there is conclusive evidence that attackers are actively targeting and exploiting unsecured SAP applications. The report also reveals that some SAP vulnerabilities are being weaponized in less than 72 hours

SAP Security Notes, March 2021

Hot news note 3022622 patches a critical code injection vulnerability in SAP Manufacturing Integration and Intelligence (MII). SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). Attackers can target this feature to inject malicious JSP code that include OS commands. The code and commands are

Securing Linux Platforms for SAP HANA and S/4HANA

SUSE Linux Enterprise Server (SLES) is the leading operating system for SAP HANA and SAP S/4HANA solutions, supporting 85 percent of HANA deployments worldwide. SLES for SAP Applications is optimized to support high availability and persistent memory and endorsed by SAP. Securing operating systems is a critical component of SAP system hardening. Vulnerable hosts can

SAP Security Notes, February 2021

Hot News note 3014121 patches a critical remote code execution vulnerability in SAP Commerce. The Backoffice application in SAP Commerce enables certain users with required privileges to edit drools rules. An authenticated attacker with this privilege is able to inject malicious code in the drools rules, enabling the attacker to compromise the SAP host. This

Layer Seven Security’s Cybersecurity Extension for SAP® Solutions Achieves SAP® Certification as Integrated with SAP NetWeaver®

Toronto, Canada – March 8, 2021 – Layer Seven Security today announced its Cybersecurity Extension v3.4 for SAP® Solutions has achieved SAP®-certified integration with the SAP NetWeaver® technology platform. The solution has been proven to integrate with SAP solutions, providing automated vulnerability management, threat detection and incident response for SAP applications and infrastructure. “We are delighted to

SAP Security Notes, January 2021

Hot News note 2983367 corrects a code injection vulnerability in Master Data Management in SAP Business Warehouse and SAP BW4HANA. The vulnerability could be exploited to execute privileged OS commands. The correction introduces a hard coded report name which can only be executed by a legitimate user in release 7.30. The note removes the impacted

SolarWinds Attack: Lessons Learned for SAP Cyber Security

The software supply chain attack suffered by SolarWinds may have impacted as many as 425 of the US Fortune 500, the top ten US telecommunications companies, the top five US accounting firms, all branches of the US Military, the Pentagon, the State Department, the world’s largest cybersecurity firm, as well as hundreds of organizations worldwide.

Page1 Page2 Page3 Page4 Page5

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Solutions

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Services

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

Resources

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Recent News

SAP Security Notes, April 2026

Now on SAP BTP: Access the Cybersecurity Extension for SAP on SAP Build Work Zone

Layer Seven Security Achieves CyberSecure Certification

SAP Security Notes, April 2026

Now on SAP BTP: Access the Cybersecurity Extension for SAP on SAP Build Work Zone

Layer Seven Security Achieves CyberSecure Certification

Browse Previous Content

Copyright © 2010-2026 Layer Seven Security Inc. All rights reserved.

Sitemap Privacy Policy

The Gartner Peer Insights Logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cybersecurity Extension for SAP
Services
Success Stories
Resources
Contact Us