In SAP’s patch round of February 2022, an SAP Security Note named “Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher” was released with a CVSS score of 10/10. This particular type of vulnerability is not common in SAP systems and is therefore interesting to look at. As patching the SAP kernel executables is often not done promptly, we can expect this vulnerability to be present in customers’ systems for quite some time.
Joris van de Vis
For real-time SAP Threat Detection, it is quite common to monitor SAP systems from a Security Operations Centre (SOC) by using central SIEM solutions. However, traditionally, these SIEM solutions are not ‘SAP-aware’ and should be fed with SAP security-relevant data to get the most out of them and secure the entire organization.
This article outlines key SAP system vulnerabilities, emphasizing the importance of timely prevention and detection for mitigating attacks.
SAP Platform Security plays a critical role in the final line of defence, as strengthening the SAP application layer is important.
This article highlights SecurityBridge Research Lab’s discovery of 100+ zero-day vulnerabilities in SAP software, enhancing SAP security.
In this blog, we highlight the vulnerability of small and medium-sized businesses’ SAP systems to cyber-attacks.
In this blog, we talk about the practical exploitation of SAP vulnerability CVE-2021-44231 and provide a solution to address it.
This article explores the risks associated with SAP default settings, focusing on the vulnerability of the secure store mechanism, decryption risks, and effective preventive measures.