Skip to content

Cybersecurity Extension for SAP
Services
Success Stories
Resources
Contact Us

Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

EXECUTIVE SUMMARY

Leading the Conversation in SAP Cybersecurity

Our blog is the premier resource for CISOs and SAP security and Basis specialists seeking deep technical insights into the SAP threat landscape. Our research team provides expert analysis on emerging attack vectors targeting S/4HANA, SAP RISE, and SAP BTP, as well as practical guidance on meeting global compliance standards such as NIS2 and SOX. By translating complex vulnerability disclosures into actionable defense strategies, we empower the global SAP community to harden their mission-critical environments and implement proactive monitoring frameworks that bridge the gap between SAP teams and security operations.

Recent Articles & Threat Intel

Search

Search

SAP Security Notes, November 2019

Hot News Note 2839864 updates Note 2808158 for a high risk OS Command Injection vulnerability in the SAP Diagnostics Agent. The vulnerability exists within the OS Command Plugin of the Agent, accessible through transaction GPA_ADMIN and the OS Command Console. Note 2839864 provides a patch for the LM_SERVICE for Support Pack levels 6-9 of the

SIEM Integration with SAP Solution Manager

Security Information and Event Management (SIEM) platforms combine the ability to collect log data from applications, hosts, routers, switches, firewalls and other endpoints with the ability to analyze events in real time. They support threat detection, event correlation and incident response with alerting and reporting capabilities. SIEM platforms require complete coverage for maximum yield. In

SAP Security Notes, October 2019

Hot News Note 2828682 patches a vulnerability in SAP Landscape Management Enterprise that could lead to the disclosure of critical information. Although the notes carries a CVSS score of 9.1/10, the vulnerability addressed by the note can only be executed under specific, uncommon conditions. In addition to implementing SAP Landscape Management 3.0 SP12 Patch 02,

64% of ERP Systems Have Experienced Security Breaches Between 2017-19

According to the findings of a recent independent survey of 430 IT decision makers, 64 percent of ERP deployments have experienced security breaches in the past 24 months. The findings are published in the report ERP Security: The Reality of Business Application Protection. In the words of the IDC, “ERP applications such as SAP can

SAP Security Notes, September 2019

Hot News Note 2798336 patches a critical code injection vulnerability in NetWeaver Application Server for Java (AS Java). A program error in the Web Container of AS Java could enable attackers to bypass input validation and execute dynamic content such as malicious code. The note includes updates for the J2EE Engine and API components. Note

SAP Vulnerability Assessment vs Penetration Testing

Vulnerability assessment and penetration testing both serve important functions for protecting business applications against security threats. The approaches are complementary but should be deployed sequentially. Penetration testing against systems and applications that have not been hardened based on the results of vulnerability assessments is inadvisable since the results are predictable. The objective of penetration testing

SAP Security Notes, August 2019

Hot News Note 2800779 patches a remote code execution vulnerability in the SAP NetWeaver UDDI Server. The vulnerability carries a CVSS score of 9.9/10 and could be exploited to take complete control of the Services Registry, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the

SAP Security Notes, July 2019

Hot News Note 2808158 patches a critical code injection vulnerability in the SAP Diagnostics Agent. The Agent is required to monitor operating systems and discover the database cluster topology from SAP Solution Manager. It is not required for monitoring the security of SAP systems with Solution Manager. Security-relevant data is collected or monitored primarily through

Recommended Settings for SAP Logging and Auditing

The Cybersecurity Extension for SAP Solution Manager monitors SAP event logs to automatically detect and alert for indicators of compromise. The monitoring interval can be customized for each security metric based on risk and sizing. An interval of 60 seconds, for example, can support real-time threat detection. However, real-time detection is only useful when supported

SAP Security Notes, June 2019

Note 2748699 provides instructions for securing the credentials of the standard user SM_EXTERN_WS in SAP Solution Manager. SM_EXTERN_WS is used by CA Introscope Enterprise Manager (EM) to collect monitoring metrics from mainly non-ABAP components in SAP landscapes. The metrics are collected via the Introscope Push web service. The credentials for SM_EXTERN_WS including the automatically generated

SAP Security Notes, May 2019

Note 1408081 was updated in May in response to the recent 10KBLAZE exploits targeting vulnerabilities in the gateway server. The note includes revised instructions for maintaining access control lists in the gateway security files reg_info and sec_info for different kernel versions. The access control lists should be configured to control external server registrations and program

Webinar: 10KBLAZE – Secure Your SAP Systems with CVA and SolMan

According to a recent report, thousands of SAP installations may be vulnerable to 10KBLAZE exploits targeting SAP applications. Join SAP and Layer Seven Security to learn how to secure your SAP systems against the exploits with SAP Code Vulnerability Analyzer (CVA) and SAP Solution Manager. CVA performs static code analysis to detect vulnerabilities in custom

Page1 Page2 Page3 Page4 Page5

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Solutions

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Services

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

Resources

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Recent News

SAP Security Notes, April 2026

Now on SAP BTP: Access the Cybersecurity Extension for SAP on SAP Build Work Zone

Layer Seven Security Achieves CyberSecure Certification

SAP Security Notes, April 2026

Now on SAP BTP: Access the Cybersecurity Extension for SAP on SAP Build Work Zone

Layer Seven Security Achieves CyberSecure Certification

Browse Previous Content

Copyright © 2010-2026 Layer Seven Security Inc. All rights reserved.

Sitemap Privacy Policy

The Gartner Peer Insights Logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cybersecurity Extension for SAP
Services
Success Stories
Resources
Contact Us