SAP Security Patch Day – November 2025 🔐 November’s SAP Patch Tuesday delivers 25 new security notes, including 4 HotNews and 2 High Priority updates, continuing the trend of significant security activity seen throughout 2025. Among the most critical vulnerabilities is a Code Injection flaw in SAP Solution Manager (CVSS 9.9), responsibly disclosed by Joris Van De Vis from SecurityBridge, whose research was also credited for additional findings in SAP NetWeaver AS ABAP and the Migration Workbench component. ⚠️ With multiple critical and high-severity issues addressed this month, SAP administrators are strongly advised to assess, test, and apply the patches promptly to safeguard their systems. #SAPPatchTuesday #SAPSecurityPatchDay
SecurityBridge’s Post
-
New Sap Netweaver Bug Enables Takeover CyberMaterial https://lnkd.in/eb8AxvAz Although there is no evidence that these specific flaws have been actively exploited in the wild, it is crucial for users to apply these latest patches and mitigations immediately. As Pathlock’s Jonathan Stross points out, deserialization remains a significant risk, and the P4/RMI chain continues to be a major source of critical exposure in AS Java. #IGA #beyondIGA #compliance #soxcompliance #grc #applicationaccess #useraccessreview #identitysecurity #applicationsecurity #microsoftsecurity #microsoftentra #sapsecurity #sapgrc #oraclesecurity #peoplesoftsecurity #servicenowsecurity #workdaysecurity #salesforcesecurity Pathlock Pathlock Deutschland GmbH
-
A newly disclosed vulnerability in SAP NetWeaver AS ABAP and ABAP Platform (CVE-2025-42902) allows unauthenticated attackers to crash server processes by sending malformed SAP Logon or SAP Assertion Tickets. Rated Medium severity with a 5.3 CVSS 3.1 score, the flaw stems from a NULL pointer dereference that triggers memory corruption and process termination. #staycurious #stayinformed #noble1 #tomshaw TOM SHAW
-
SAP Focused Run has a nice feature to check the security baseline across your entire landscape. It can be used for ABAP parameters, but also, for example, for HANA database security settings. Read more: https://lnkd.in/gAmSS_vj
-
November SAP Security Patch Day 2025
• 18 new security notes
• 2 updated notes
SAP Security Express Analysis with Offline Security Tool: https://offlinesec.com (free tool)
* The vulnerability for SQL Anywhere has 10,0 CVSS
-
Stop the security headache! If you're using the generic ESBMessaging.send role for your SAP CPI iFlows, you're leaving all your interfaces vulnerable. Learn the right way to implement granular security using the Custom MessagingSend Role and BTP OAuth in my new tutorial! #SAPIntegrationSuite #CPISecurity #CustomMessagingSendRole #SAPCPI
SAP CPI Security Masterclass: Protect iFlows with Custom MessagingSend Role (Step-by-Step Tutorial)
https://www.youtube.com/
-
#Day37: Security Material in SAP CPI: What, Why, and How?
Security is a critical pillar in any integration scenario—and in SAP CPI, Security Materials help safeguard communications between systems. These artifacts ensure secure authentication, encryption, and trusted connectivity.
What is Security Material?
Security Material in SAP CPI refers to a set of artifacts that store sensitive information required to authenticate and authorize communication between systems.
Types of Security Material:
1. User Credentials: Stores a username and password. Used for basic authentication in HTTP, SFTP, etc.
2. OAuth2 Credentials: Stores token URLs, client IDs, and secrets. Used when connecting to APIs that require OAuth 2.0 flows.
3. Client Certificate: Upload a public certificate to authenticate via mutual TLS. Ensures secure and trusted partner connections.
4. Keystore: Stores private keys and trusted certificates. Used for signing/encrypting messages and SSL connections.
5. PGP Keys: Used for encrypting and decrypting messages using PGP standards.
Why is it Important?
• Protects sensitive data like credentials and keys.
• Enables secure communication with external and internal systems.
• Essential for compliance with enterprise security standards.
• Supports authentication protocols like Basic Auth, OAuth2, and mTLS.
How to Create & Use:
1. Navigate to Monitor → Manage Security → Security Material.
2. Click Create → Select type (User Credentials, OAuth2, etc.).
3. Enter relevant details securely.
4. Reference the created security material in your iFlow (e.g., within HTTP/SFTP adapter or script).
Pro Tip: Avoid hardcoding credentials inside iFlows. Always externalize them.
-
👂 💬 Sometimes overlooked, often underestimated is the power of your SAP security running outside of SAP. Why does it matter? If your SAP systems go down, so does your security and that leaves you vulnerable. You can't afford that. That's why an external solution is crucial. If you need nine more reasons that companies choose Onapsis, view them here: https://bit.ly/43HHItY
-
🔍 SE16 vs SE16N – Why Do They Show Different Results for AGR_DEFINE?
Ever noticed that SE16 and SE16N return different results for the same table in SAP? Here’s a common scenario with table AGR_DEFINE:
• SE16 shows the expected result: ✅ 1 hit
• SE16N shows multiple hits, depending on your logon language 🤔
🧠 Why does this happen?
• SE16N performs a join with AGR_TEXTS to display role descriptions.
• If a role has long texts, SE16N shows one line per long text line.
• These texts are language-dependent, so results vary based on your logon language.
💡 Example:
• Log in with EN → 4 hits
• Log in with DE → 1 hit (if no DE translation exists)
🔐 SAP Security Tip
When auditing roles or analyzing AGR_DEFINE:
✅ Use SE16 for consistent results
⚠️ Be cautious with SE16N if long texts or multilingual data are involved
📣 I’ve explained this in detail in my latest YouTube video on SAP Security deep dives. 🎥 Watch here: https://lnkd.in/dyhXK-EV
Happy to support your SAP journey whether it’s training, upskilling, practice server, career direction, or job search guidance. Let’s connect. 👇 https://wa.link/ma9ifw
#SAPSecurity #SE16H #SE16N #SAPTips #SAPGRC #SAPAuthorization #SAPTraining #SAPRoles #LinkedInLearning #SAPCommunity
SAP Security Tip: SE16 vs SE16N – The Hidden Difference You Must Know!
https://www.youtube.com/
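The row-count effect described in the post above can be reproduced with a small model. This is an added example, not code from the post or from SAP: it uses SQLite in place of the SAP database, the role Z_DEMO_ROLE and its text rows are constructed sample data, and the language-filtered left outer join is an assumption standing in for the text join the post describes.

```python
import sqlite3

def build_db():
    """In-memory stand-in for the two tables; every row is constructed sample data."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE AGR_DEFINE (AGR_NAME TEXT PRIMARY KEY);
        CREATE TABLE AGR_TEXTS  (AGR_NAME TEXT, SPRAS TEXT, "LINE" INTEGER, "TEXT" TEXT);
    """)
    con.execute("INSERT INTO AGR_DEFINE VALUES ('Z_DEMO_ROLE')")
    # Four English text lines (SPRAS 'E'); no German ('D') rows exist.
    con.executemany(
        "INSERT INTO AGR_TEXTS VALUES ('Z_DEMO_ROLE', 'E', ?, ?)",
        [(0, "Demo role"), (1, "Long text 1"), (2, "Long text 2"), (3, "Long text 3")],
    )
    return con

def plain_hits(con, role):
    """Rows returned when only AGR_DEFINE is read (the SE16-style view)."""
    return con.execute(
        "SELECT COUNT(*) FROM AGR_DEFINE WHERE AGR_NAME = ?", (role,)
    ).fetchone()[0]

# Assumed shape of the text join: one output row per matching text line,
# or a single row with empty text columns when the language has no texts.
JOIN = """
    FROM AGR_DEFINE d
    LEFT JOIN AGR_TEXTS t ON t.AGR_NAME = d.AGR_NAME AND t.SPRAS = ?
    WHERE d.AGR_NAME = ?
"""

def joined_hits(con, role, langu):
    """Rows returned once the language-dependent texts are joined in."""
    return con.execute("SELECT COUNT(*)" + JOIN, (langu, role)).fetchone()[0]

def distinct_roles(con, role, langu):
    """Audit-safe count: distinct role names, immune to text-line fan-out."""
    return con.execute(
        "SELECT COUNT(DISTINCT d.AGR_NAME)" + JOIN, (langu, role)
    ).fetchone()[0]

if __name__ == "__main__":
    con = build_db()
    for langu in ("E", "D"):
        print(langu, plain_hits(con, "Z_DEMO_ROLE"),
              joined_hits(con, "Z_DEMO_ROLE", langu),
              distinct_roles(con, "Z_DEMO_ROLE", langu))
```

When role counts feed an audit, counting distinct AGR_NAME values rather than result rows keeps the figure independent of logon language.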
-
Cleaning Up Unused T-Codes: Turning Monthly Role Reviews into Real Security Value Most companies that take SAP security seriously perform regular security reviews. They evaluate authorization history, approval accuracy, and potential policy violations, believing that all necessary actions have been completed through the process. But there’s one thing often overlooked — the risk inside the role itself. Unused T-Codes can stay within roles for years, and these “forgotten permissions” eventually become hidden risks. So I used STAD / RSSTAT27 usage data and created a simple ABAP report to identify T-Codes not used in the past 90 days. The results were linked to the GRC role review workflow for cleanup. It’s not a grand automation — just a small improvement that makes monthly reviews actually meaningful. Security isn’t only about adding new controls. Sometimes, it starts with knowing what to remove. #SAPSecurity #GRC #RoleReview #AccessControl #ABAP #Automation
-
A CRITICAL vulnerability (CVE-2025-42887, CVSS 9.9) in SAP Solution Manager ST 720 allows authenticated attackers to inject and execute arbitrary code, potentially compromising confidentiality, integrity, and availability. With SAP Solution Manager central to enterprise operations, exploitation could disrupt business processes, expose sensitive data, and enable lateral movement across networks—especially concerning for European sectors. Recommendations: Monitor SAP advisories for updates, limit access to trusted admins, enable MFA, and strengthen logging and monitoring. Proactively audit privileges and segment your network to reduce exposure. 🔒 Stay vigilant until a patch is released. https://lnkd.in/dkC4Y__T #OffSeq #SAPSecurity #Vulnerability #PatchManagement #CyberRisk
-
Sales Director Western Europe @SecurityBridge | World's fastest growing SAP Security Platform
Please follow us on LinkedIn via SecurityBridge and sign up for our newsletter to stay informed!