[ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver

Please refer to https://www.esnc.de for the original security advisory, updates and additional information. ———————————————————————— 1. Business Impact ———————————————————————— This vulnerability allows injection of ABAP code to the remote SAP system. In SAP security, this is the equivalent of getting an ultra-reliable ring 0 exploit which works through the network and never crashes. By exploiting this…

[ESNC-2013-005] Remote Code Injection in SAP ERP Central Component – Project System

Please refer to https://www.esnc.de for the original security advisory, updates and additional information. ———————————————————————— 1. Business Impact ———————————————————————— Project System, which is part of SAP ERP, provides tools to track project costs and resources. It is tightly integrated with Controlling, Human Resources, and Logistics modules. This vulnerability allows execution of arbitrary program code of the…

[ESNC-2013-003] Remote OS Command Execution in SAP BASIS Communication Services

Please refer to https://www.esnc.de for the original security advisory, updates and additional information. ———————————————————————— 1. Business Impact ———————————————————————— This vulnerability allows executing arbitrary operating system commands on the remote SAP system with the rights of the SAP application user. By exploiting this vulnerability, an attacker can take complete control of the SAP application and data…

[ESNC-2013-002] Privilege Escalation in SAP Production Planning and Control

Please refer to https://www.esnc.de for the original security advisory, updates and additional information. ———————————————————————— 1. Business Impact ———————————————————————— This vulnerability allows bypassing authority checks that exist before executing a transaction. A transaction in SAP terminology is the execution of a program. By exploiting  this vulnerability, an attacker can also control the transaction to be executed, allowing…

[ESNC-2013-001] Privilege Escalation in SAP Healthcare Industry Solution

Please refer to https://www.esnc.de for the original security advisory, updates and additional information. ———————————————————————— 1. Business Impact ———————————————————————— This vulnerability allows bypassing authority checks that exist before executing a transaction. A transaction in SAP terminology is the execution of a program. By exploiting  this vulnerability, an attacker can also control the transaction to be executed,…

ESNC Security Suite - SAP Security Audit results

Top 5 SAP Security Recommendations

What are the top 5 SAP security recommendations? SAP security is crucial. At ESNC, we have conducted numerous SAP security assessments to date. Based on our experiences with multiple large enterprise customers and financial organizations, we’d like to summarize our top 5 recommendations for having a secure SAP landscape in this knowledge base article. We…

ESNC – SAP Forensics

ESNC provides SAP forensic analysis services for security incident response teams and for law enforcement. Whether it is an SAP system breach or a case of corporate fraud, the financial risks of economic crime can be immense. We help to investigate, analyze and resolve potential crises and provide forensic advisory services upfront to prevent them.…

Securing SAP Systems - ESNC Software

SAP Pentesting | Services by ESNC

SAP penetration testing focuses on actual threats. It is an essential part of SAP security audit activities. It helps analyzing SAP security by running public or private SAP exploits and using SAP configuration weaknesses for systems compromise. Application scenarios include server installation of ESNC Software: Server installation of ESNC Penetration Testing Suite Regular assurance testing/pentesting…

ESNC Code Security: Source Code Scanner for ABAP™

Securing self developed ABAP programs, BSP pages, and DynPros is a difficult task for large organizations. Without the presence of automated tools, it is almost impossible to accomplish. We believe that in any system where development is done, secure software life-cycle models must be implemented, regular SAP security audits should be extended to include ABAP…

SAP Security Intelligence

ESNC Security Intelligence middleware is an integral part of the Enterprise Threat Monitor. It is available as the SAP SIEM integration add-on. We leveraged our experience in years of SAP integration development to build a middleware for our partners to access critical SAP security event information. Best suitable for SIEM solution providers who want to include…

ESNC – SAP Security Consulting

What is SAP Security Consulting? SAP security consultancy focuses on opening gaps, detecting SAP security vulnerabilities and providing recommendations for mitigation. How we help securing SAP systems SAP security consultants of ESNC help securing SAP applications of many Fortune 100 companies, banks, central banks and enterprise in major industries. We are the experts in SAP security.…

SAP Security Jobs at ESNC

For our SAP competence center in Munich, we are looking for senior SAP security consultants with solid SAP security skills All positions require at least 50% travel both in Germany and in Europe. M/F Senior SAP Security Consultant (Ref: SN_CS) 5+ years of SAP Security Design, Implementation and Administration in a Global SAP Environment ECC…