Skip to content
Layer Seven Security Logo
  • Cybersecurity Extension for SAP
    • Product Information
    • Features
      • SAP RISE Security
      • S/4HANA Migration Security
      • Code Vulnerability Analysis for SAP
      • SIEM Integration for SAP
      • NIS2 Compliance for SAP
      • Virtual Patching for SAP
    • Buyers Guide
  • Services
    • SAP RISE Security Compliance
    • SAP Cybersecurity Assessment
    • SAP Penetration Testing
    • SAP Code Vulnerability Assessment
  • Success Stories
  • Resources
    • Case Studies
    • Whitepapers
    • News
    • Threat Reports & Advisories
  • Contact Us
Book a Demo
Book a Demo
Layer Seven Security Logo
Menu Icon

Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

EXECUTIVE SUMMARY

Leading the Conversation in SAP Cybersecurity

Our blog is the premier resource for CISOs and SAP security and Basis specialists seeking deep technical insights into the SAP threat landscape. Our research team provides expert analysis on emerging attack vectors targeting S/4HANA, SAP RISE, and SAP BTP, as well as practical guidance on meeting global compliance standards such as NIS2 and SOX. By translating complex vulnerability disclosures into actionable defense strategies, we empower the global SAP community to harden their mission-critical environments and implement proactive monitoring frameworks that bridge the gap between SAP teams and security operations.

Recent Articles & Threat Intel

Search

SAP Security Notes: July 2023 Vulnerability Summary

The July 2023 SAP security updates address critical vulnerabilities, including OS command injection in SAP ECC and S/4HANA (note 3350297), buffer overflow and HTTP request smuggling in SAP Web Dispatcher (notes 3340735 and 3233899), and blind SSRF and header injection in the Diagnostics Agent (notes 3352058 and 3348145). The July 2023 SAP security advisories focus

Read Article

How to Discover Actively Exploited Vulnerabilities in Your SAP Systems

You can discover actively exploited vulnerabilities in your SAP systems by using automated correlation tools that link system activity logs with identified vulnerability scans. This approach allows security teams to prioritize remediation efforts on weaknesses currently being targeted by threat actors rather than attempting to address every identified vulnerability. Executive Summary SAP environments present a

Read Article

SAP Security Notes: June 2023 Vulnerability Summary

The June 2023 SAP security updates addressed high-priority vulnerabilities across multiple platforms, including SAP UI5, SAP Knowledge Warehouse, and various NetWeaver-based applications. These patches primarily target cross-site scripting (XSS) and clickjacking risks, providing necessary input validation and configuration restrictions to protect SAP environments from malicious exploitation. Executive Summary The June 2023 SAP security update cycle

Read Article

Security Patching for SAP Solutions: Best Practices and Challenges

Security patching for SAP solutions is the most significant action organizations can take to secure their environments against known vulnerabilities. SAP releases security notes on “Patch Tuesday,” the second Tuesday of each month, providing essential corrections. Because unpatched systems are consistently reported as a top-three threat to SAP environments, maintaining an effective patching process is

Read Article

Cybersecurity Threats to SAP Systems: 5 Key Risks and Recommendations

Managing cybersecurity for SAP systems requires addressing unpatched vulnerabilities, ransomware, credentials compromise, system interfaces, and access controls. This report, based on the 2023 Cybersecurity Threats to SAP Systems Report, outlines actionable strategies to secure your environment using SAP ALM platforms and the Cybersecurity Extension for SAP. Executive Summary The 2023 landscape for SAP security is dominated by

Read Article

SAP Security Notes: May 2023 Patch Summary

In May 2023, SAP released critical security updates addressing vulnerabilities across several platforms, most notably SAP BusinessObjects (BOBJ) and the SAP 3D Visual Enterprise License Manager. These updates include patches for information disclosure, code injection, broken authentication, and session hijacking risks that require immediate attention from security administrators. Executive Summary The May 2023 SAP security

Read Article

Is SAP ASE the Most Vulnerable Point in Your SAP Landscape?

SAP Adaptive Server Enterprise (ASE) is a widely-used relational database server for SAP solutions that requires specific security measures to prevent exploitation. While SAP HANA receives significant attention, ASE security is often overlooked, leaving it a vulnerable target for threat actors. Implementing automated vulnerability management, security patching, and real-time threat detection is essential for securing

Read Article

SAP Security Notes: April 2023 Summary

In April 2023, SAP released several critical security notes addressing vulnerabilities in its software. Key patches included Note 3305369 for the SAP Diagnostics Agent, Note 3294595 for SAP NetWeaver AS ABAP, Note 3298961 for SAP BOBJ, and Note 3305907 for the BI Content Add-on for AS ABAP. The April 2023 SAP security update focused on

Read Article

What’s New in the Cybersecurity Extension for SAP

The new release of the Cybersecurity Extension for SAP (CES) brings enhanced threat detection and configuration checks to SAP environments, including CVE/CVSS integration for security notes, directory traversal protection, and expanded Indicators of Compromise (IOC) patterns for Microsoft Server platforms, all designed to improve SAP security posture and compliance. Executive Summary The latest release of

Read Article

SAP Security Notes: March 2023 Vulnerability Summary

What are the critical SAP security vulnerabilities addressed in March 2023? In March 2023, SAP released patches for several high-risk vulnerabilities, including a critical SQL injection in NetWeaver AS Java, authentication bypasses in the LockingService, and code execution risks in SAP BusinessObjects Business Intelligence (BOBJ). These updates are essential for maintaining system integrity and preventing

Read Article

SAP Security Notes: Critical Vulnerabilities and Updates for February 2023

The February 2023 SAP Security Notes address critical vulnerabilities across NetWeaver Application Server Java, the SAP Host Agent, and SAP BusinessObjects. Key patches include fixes for JNDI interface exposure, privilege escalation via webservice requests, and unrestricted file upload vulnerabilities, alongside necessary corrections for side effects introduced by earlier security patches. Executive Summary The February 2023

Read Article

Analyzing Security Notes with SAP Maintenance Planner

SAP Maintenance Planner is a cloud-based solution that helps administrators identify, track, and manage SAP security notes and software updates. It simplifies landscape management by providing direct access to recommended notes—categorized by security, performance, and legal requirements—along with essential vulnerability data like CVE, CVSS, and vector information for each note. SAP Maintenance Planner serves as

Read Article
« Page1 … Page5 Page6 Page7 Page8 Page9 … Page27 »
Layer Seven Security Logo
  • Contact Us
  • Request a Demo
  • Our Company
  • Our Customers
  • Our Success Stories
  • Contact Us
  • Request a Demo
  • Our Company
  • Our Customers
  • Our Success Stories
  • Contact Us
  • Request a Demo
  • Our Company
  • Our Customers
  • Our Success Stories
  • Contact Us
  • Request a Demo
  • Our Company
  • Our Customers
  • Our Success Stories
Solutions
  • Cybersecurity Extension for SAP
  • Product Comparison
  • Cybersecurity Extension for SAP
  • Product Comparison
  • Cybersecurity Extension for SAP
  • Product Comparison
  • Cybersecurity Extension for SAP
  • Product Comparison
Services
  • SAP RISE Security Compliance
  • Cybersecurity Assessment
  • Code Vulnerability Assessments
  • Penetration Testing
  • SAP RISE Security Compliance
  • Cybersecurity Assessment
  • Code Vulnerability Assessments
  • Penetration Testing
  • SAP RISE Security Compliance
  • Cybersecurity Assessment
  • Code Vulnerability Assessments
  • Penetration Testing
  • SAP RISE Security Compliance
  • Cybersecurity Assessment
  • Code Vulnerability Assessments
  • Penetration Testing
Resources
  • Threat Reports & Advisories
  • Whitepapers
  • News
  • Threat Reports & Advisories
  • Whitepapers
  • News
  • Threat Reports & Advisories
  • Whitepapers
  • News
  • Threat Reports & Advisories
  • Whitepapers
  • News
Recent News

SAP Security Notes, July 2026

Security Logging for SAP BTP

SAP Security Notes, June 2026

SAP Security Notes, July 2026

Security Logging for SAP BTP

SAP Security Notes, June 2026

Browse Previous Content
Copyright © 2010-2026 Layer Seven Security Inc. All rights reserved.

Sitemap    Privacy Policy

The Gartner Peer Insights Logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Layer Seven Security Logo
  • Cybersecurity Extension for SAP
    • Product Information
    • Features
      • SAP RISE Security
      • S/4HANA Migration Security
      • Code Vulnerability Analysis for SAP
      • SIEM Integration for SAP
      • NIS2 Compliance for SAP
      • Virtual Patching for SAP
    • Buyers Guide
  • Services
    • SAP RISE Security Compliance
    • SAP Cybersecurity Assessment
    • SAP Penetration Testing
    • SAP Code Vulnerability Assessment
  • Success Stories
  • Resources
    • Case Studies
    • Whitepapers
    • News
    • Threat Reports & Advisories
  • Contact Us