SAP HANA post exploitation vectors

This week the Onapsis Research Labs released an advisory for a server-side code injection vulnerability in SAP HANA integrated IDE. For more information about the SAP Note that fixes this issue, please refer to the Onapsis Research Labs advisory. To define a reasonable exploitation scenario, we will assume the following conditions are met by our testing landscape:

Analyzing SAP Security Notes August 2014 Edition

SAP is a complex and ever changing system, whether because of changes introduced to your SAP implementation to better suit your business or applying Security Notes (Patches) to ensure that newly disclosed vulnerabilities are mitigated. In order to provide a predictable and scheduled flow of vulnerability mitigation and security patches SAP releases their latest Security Notes information the second Tuesday of every month.

Analyzing SAP Security Notes June 2014 Edition

SAP is a complex and ever changing system, whether because of changes introduced to  your SAP implementation to better suit your business or through the application of Security Notes (Patches) to ensure that newly disclosed vulnerabilities are mitigated. In order to provide a predictable and scheduled flow of vulnerability mitigation information and security patches, SAP releases their latest Security Notes information on the second Tuesday of every month.

Analyzing SAP Security Notes May 2014 Edition

SAP is a complex and ever changing system, whether because of changes introduced to your SAP implementation to better suit your business or through the application of Security Notes (Patches) to ensure that newly disclosed vulnerabilities are mitigated. In order to provide a predictable and scheduled flow of vulnerability mitigation information and security patches, SAP releases their latest Security Notes information on the second Tuesday of every month.

Analyzing SAP Security Notes April 2014 Edition

SAP is a complex and ever changing system, whether because of changes introduced to your SAP implementation to better suit your business or through the application of Security Notes (Patches) to ensure that newly disclosed vulnerabilities are mitigated. In order to provide a predictable and scheduled flow of vulnerability mitigation information and security patches, SAP releases their latest Security Notes information on the second Tuesday of every month.

Analyzing SAP Security Notes March 2014 Edition

SAP is a complex and ever changing system, whether because of changes introduced to your SAP implementation to better suit your business or applying Security Notes (Patches) to ensure that newly disclosed vulnerabilities are mitigated. In order to provide a predictable and scheduled flow of vulnerability mitigation and security patches, SAP releases their latest Security Notes information the second Tuesday of  every month.

How Malware is evolving into the first step of attacks against SAP systems

When I talk to CISOs and other business leaders who are responsible for critical applications that rely on SAP a common question I get is how I would quantify the threat to their SAP systems. We talk about stories that have been shared with them by their colleagues, and the importance and value of following best practices.

Pages

Subscribe to our monthly newsletter, the Defender's Digest!