Key Insights Blog

Read the latest insights from our experts on Cybersecurity and Risk management for SAP.

SAP Vulnerability

Details about SAP vulnerability CVE-2022-22536 – Request smuggling

In SAP’s patch round of February 2022, an SAP Security Note was released with a CVSS score of 10/10 named, “Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher”. This particular type of vulnerability is not common in SAP systems and therefore interesting to look at. As patching the SAP kernel executables is often not done promptly, we can expect this vulnerability present in the customer’s systems for quite some time.

February 20, 2024 No Comments

SAP Cybersecurity

Hardening the ICM with ACLs – a practical example

In one of our recent articles, we pointed out the use of Access Control Lists (ACLs) to better manage access control. Below, we will show a practical example of how this can be done for inbound HTTP communication with the ‘Internet Communication Manager’ (ICM) component of an SAP system.

February 15, 2024 No Comments

SAP Security Reasearch Labs - SecurityBridge

Press coverage

SAP Security Response zählt das SecurityBridge Research Lab zuden Top-3 weltweit

Leiter des Forschungslabors ist Joris Van De Vis, Director of Security Research bei SecurityBridge und Mitgründer des SAP-Sicherheits-Spezialisten Protect4S, der seit September 2013 zu SecurityBridge gehört

February 13, 2024 No Comments

SAP Security Patch Day

SAP Security Patch Day – February 2024

For February 2024, 13 new Security Notes have been released and 3 have been updated. Lets look at some highlights, starting with the ‘HowNews’ notes.

February 13, 2024 No Comments

SAP Vulnerability

Prerequisites for an AI-driven SAP Security – Part 2: System Hardening

While Patch Management helps you implement code fixes for known vulnerabilities in the system code, your SAP system still has a huge number of parameters and settings that influence the behavior of the application. Quite a few of them are security-related and have a significant impact on your attack surface.

It is key for the security of your business-critical SAP systems that you harden them.

February 9, 2024 No Comments

SAP Threat Monitoring

Integrating Privileged Access Management into the SecurityBridge SAP Platform

The inclusion of Privileged Access Management (PAM) in our platform marks a significant advancement for existing and future customers. Until now, our focus was primarily on monitoring and detection. With PAM, the platform extends its capabilities to grant, manage, and audit privileged access in SAP’s ABAP/4 based products. Looking ahead, we plan to expand this functionality to include JAVA-based SAP products too.

February 6, 2024 No Comments

Platform Overview

More from SecurityBridge