Managed Service for SAP Enterprise Threat Detection

We discover threats or suspicious activity inside your SAP landscape and take countermeasures to protect your most valuable business assets – your data.

SAP Security Patch Day 07/2022

The number of published notes since the last Patch Day (including the July date this Tuesday): twenty-three. 23 – with this number Michael Jordan dominated the NBA.

SAP Security Patch Day 06/2022

Security officers sometimes must exercise patience and just do the diligence work – without anything countable coming out right away. And that’s how the June patch day feels, which we want to apply in the usual manner to our own HCM system.

SAP Security Patch Day 05/2022

Patch in May or go away” … that’s how an old stock market saying should sound if you want to adapt it to the security of IT systems: continuous patching is a must if you are serious about this goal.

SAP Security Patch Day 04/2022

That’s what you might think when you look at this month’s list of Security Notes, which is over 30 entries strong. Once again, we are reporting here from the field!

SAP Security Patch Day 03/2022

While the February Security Patch Day included a lot of activities (SAP kernel and SAP web dispatcher update, upgrade of SAP Business Client, etc.), the list of security notes for March seems to be manageable for now: a total of 12 new and 4 updated notes.

SAP Security Patch Day 02/2022

The SAP Security Patch Day of February 2022 was once again quite extensive: with 7 notices with the highest risk rating (CVSS score=10).

SAP Security Patch Day 01/2022

A total of 9 notes were published by SAP in January, with note 3131047 being the collective note for the fixes for the “log4shell” vulnerability – a total of 21 additional notes are referenced there.

SAP Security Patch Day Blog-Series

SAP Security Patch Day Blog-Series In this new smarterSec blog-series, we will address the topic of the SAP Security Patch Day from a practical point of view. The focus is not so specifically on the technical analysis of the vulnerabilities, but rather on our experiences and the description of the procedure for applying the critical/high-priority […]

Critical vulnerability in log4j

The vulnerability, officially marked as CVE-2021-44228, has been given a CVSS Base Score of 10.0, which is the highest rating. The BSI also shares this opinion and has changed the IT threat level to 4/red