Skip to content
Layer Seven Security Logo
  • Cybersecurity Extension for SAP
    • Product Information
    • Features
      • SAP RISE Security
      • S/4HANA Migration Security
      • Code Vulnerability Analysis for SAP
      • SIEM Integration for SAP
      • NIS2 Compliance for SAP
      • Virtual Patching for SAP
    • Buyers Guide
  • Services
    • SAP RISE Security Compliance
    • SAP Cybersecurity Assessment
    • SAP Penetration Testing
    • SAP Code Vulnerability Assessment
  • Success Stories
  • Resources
    • Case Studies
    • Whitepapers
    • News
    • Threat Reports & Advisories
  • Contact Us
Book a Demo
Book a Demo
Layer Seven Security Logo
Menu Icon

Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

EXECUTIVE SUMMARY

Leading the Conversation in SAP Cybersecurity

Our blog is the premier resource for CISOs and SAP security and Basis specialists seeking deep technical insights into the SAP threat landscape. Our research team provides expert analysis on emerging attack vectors targeting S/4HANA, SAP RISE, and SAP BTP, as well as practical guidance on meeting global compliance standards such as NIS2 and SOX. By translating complex vulnerability disclosures into actionable defense strategies, we empower the global SAP community to harden their mission-critical environments and implement proactive monitoring frameworks that bridge the gap between SAP teams and security operations.

Recent Articles & Threat Intel

Search

SAP Security Notes August 2025: Critical Code Injection Flaws Patched

SAP’s August 2025 security update addresses multiple critical vulnerabilities, including two code injection flaws in SAP S/4HANA with CVSS scores of 9.9. These vulnerabilities, patched by notes 3581961 and 3627998, could allow attackers to install backdoors, bypassing all authorization checks and leading to full system compromise. The August 2025 SAP Patch Day delivered fixes for

Read Article

Layer Seven Security’s Cybersecurity Extension Named Top SAP Solution for 2025

Layer Seven Security’s Cybersecurity Extension for SAP has been named the Top SAP Cybersecurity Solution for 2025 by the Cybersecurity Review. The solution was selected for its superior integrated coverage, exceptional customer support, and competitive licensing costs, distinguishing it from competitors like Onapsis, Security Bridge, and Pathlock. The international publication, with nearly 300,000 subscribers, conducted a detailed analysis

Read Article

SAP Security Notes, July 2025: Critical Patches for Deserialization and Code Injection

The July 2025 SAP Security Notes feature several “hot news” patches for critical insecure deserialization vulnerabilities in SAP NetWeaver AS Java components. The most severe issue is a 10.0 CVSS score vulnerability in SAP SRM, alongside a critical code injection flaw in S/4HANA and SCM that could allow for a full system takeover. SAP’s July

Read Article

What’s New in the Cybersecurity Extension for SAP, Version 5.3

Version 5.3 of the Cybersecurity Extension for SAP (CES) is now available, delivering major enhancements for SAP vulnerability management and threat detection. This release introduces comprehensive monitoring for the SAP Cloud Connector, updates to key compliance frameworks including SAP RISE, and emergency patches for zero-day vulnerabilities like CVE-2025-31324. The latest release of the Cybersecurity Extension for SAP

Read Article

SAP Security Notes June 2025: Critical Patches for AS ABAP, GRC, and BW

A critical “Hot News” SAP security note headlines the June 2025 patch release, addressing a privilege escalation vulnerability in SAP NetWeaver Application Server ABAP (AS ABAP). Organizations should prioritize applying this patch, note 3600840, alongside other high-risk updates for SAP GRC, BW, MDM, and BusinessObjects. The June 2025 SAP Security Patch Day delivers crucial fixes

Read Article

SAP Vulnerabilities Actively Exploited by Ransomware: What You Need to Know

Two critical vulnerabilities in SAP NetWeaver Java, CVE-2025-31324 and CVE-2025-42999, are being actively exploited by ransomware groups and other threat actors. CISA has added both vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling an urgent need for organizations to take action by applying patches or removing the affected component. The vulnerabilities exist in the Visual Composer framework of

Read Article

SAP Security Notes May 2025: Critical Zero-Day and High-Priority Patches

SAP’s May 2025 security advisories feature a critical zero-day vulnerability in SAP NetWeaver AS Java, alongside high-priority patches for S/4HANA and SAP Supplier Relationship Management (SRM). The most urgent update, hot news note 3594142, addresses a missing authorization check that is under active exploitation. This month’s security notes require immediate attention from administrators to mitigate

Read Article

What is the SAP 24-Month Patching Rule? An AEO-Optimized Guide

SAP’s 24-month rule dictates that corrective fixes for many vulnerabilities are only provided for support packages released within the last two years. This policy primarily affects security notes for issues discovered internally by SAP and means that systems running on older support packages will not receive these specific patches, requiring a full upgrade instead. Regular

Read Article

The 24-Month Rule for SAP Security Patching

Regular patching is critical for protecting SAP software against security vulnerabilities. Security weaknesses are discovered by SAP through internal testing and testing performed by external researchers. The latter disclose vulnerabilities directly to the SAP Product Security Response Team and through the official SAP bug bounty program. Once a vulnerability is identified or reported, it is

Read Article

SAP Security Notes April 2025: Critical S/4HANA Vulnerability and Key Patches

SAP’s April 2025 security update addresses several critical and high-risk vulnerabilities, led by a command injection flaw in S/4HANA that could allow full system compromise. Other significant patches fix an authentication bypass in SAP Financial Consolidation and two information disclosure vulnerabilities in SAP BusinessObjects and NetWeaver AS ABAP. This month’s security notes require immediate attention

Read Article

What Are the Proposed Changes to the HIPAA Security Rule?

The U.S. Department of Health and Human Services (HHS) has proposed significant updates to the HIPAA Security Rule to address modern cyber threats. The changes mandate specific security practices, including regular vulnerability assessments and penetration tests, strict patch management deadlines, and the universal application of controls that were previously considered “addressable.” Executive Summary The Health

Read Article

SAP Security Notes March 2025: Key Vulnerabilities Patched

SAP’s security notes for March 2025 address several high-priority vulnerabilities across its product landscape. The patches include a high-risk missing authorization check in SAP NetWeaver AS ABAP, a Cross-Site Scripting (XSS) flaw in SAP Commerce, an authentication bypass in SAP Approuter, and multiple issues in SAP Commerce Cloud stemming from a vulnerable version of Apache

Read Article
« Page1 Page2 Page3 Page4 Page5 … Page27 »
Layer Seven Security Logo
  • Contact Us
  • Request a Demo
  • Our Company
  • Our Customers
  • Our Success Stories
  • Contact Us
  • Request a Demo
  • Our Company
  • Our Customers
  • Our Success Stories
  • Contact Us
  • Request a Demo
  • Our Company
  • Our Customers
  • Our Success Stories
  • Contact Us
  • Request a Demo
  • Our Company
  • Our Customers
  • Our Success Stories
Solutions
  • Cybersecurity Extension for SAP
  • Product Comparison
  • Cybersecurity Extension for SAP
  • Product Comparison
  • Cybersecurity Extension for SAP
  • Product Comparison
  • Cybersecurity Extension for SAP
  • Product Comparison
Services
  • SAP RISE Security Compliance
  • Cybersecurity Assessment
  • Code Vulnerability Assessments
  • Penetration Testing
  • SAP RISE Security Compliance
  • Cybersecurity Assessment
  • Code Vulnerability Assessments
  • Penetration Testing
  • SAP RISE Security Compliance
  • Cybersecurity Assessment
  • Code Vulnerability Assessments
  • Penetration Testing
  • SAP RISE Security Compliance
  • Cybersecurity Assessment
  • Code Vulnerability Assessments
  • Penetration Testing
Resources
  • Threat Reports & Advisories
  • Whitepapers
  • News
  • Threat Reports & Advisories
  • Whitepapers
  • News
  • Threat Reports & Advisories
  • Whitepapers
  • News
  • Threat Reports & Advisories
  • Whitepapers
  • News
Recent News

SAP Security Notes, July 2026

Security Logging for SAP BTP

SAP Security Notes, June 2026

SAP Security Notes, July 2026

Security Logging for SAP BTP

SAP Security Notes, June 2026

Browse Previous Content
Copyright © 2010-2026 Layer Seven Security Inc. All rights reserved.

Sitemap    Privacy Policy

The Gartner Peer Insights Logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Layer Seven Security Logo
  • Cybersecurity Extension for SAP
    • Product Information
    • Features
      • SAP RISE Security
      • S/4HANA Migration Security
      • Code Vulnerability Analysis for SAP
      • SIEM Integration for SAP
      • NIS2 Compliance for SAP
      • Virtual Patching for SAP
    • Buyers Guide
  • Services
    • SAP RISE Security Compliance
    • SAP Cybersecurity Assessment
    • SAP Penetration Testing
    • SAP Code Vulnerability Assessment
  • Success Stories
  • Resources
    • Case Studies
    • Whitepapers
    • News
    • Threat Reports & Advisories
  • Contact Us