
Protect4S releases new SAP security template

29 November 2021 | March 29th, 2022

Find those exploitable SAP CISA Binding Operational Directive (BOD) 22-01 vulnerabilities!


On November 3, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) of the United States government issued Binding Operational Directive (BOD) 22-01. The directive establishes a CISA-managed catalog of known exploited vulnerabilities and requires federal civilian agencies to identify and remediate these vulnerabilities on their information systems.

Although BOD 22-01 requires action from federal civilian agencies only, CISA strongly recommends that private businesses and state, local, tribal, and territorial (SLTT) governments review and monitor the catalog and remediate the listed vulnerabilities to strengthen their security and resilience posture. Building collective resilience requires action across all stakeholders.

The list currently contains the following SAP-related vulnerabilities that have been actively exploited in the wild:

| CVE | Description | SAP Note | Protect4S Check |
|---|---|---|---|
| CVE-2010-5326 | SAP NetWeaver AS JAVA RCE (Invoker Servlet) | 1445998 | SN-JS-0006-01 |
| CVE-2016-3976 | SAP NetWeaver AS Java Directory Traversal Vulnerability | 2234971 | SN-JS-0115-01 |
| CVE-2016-9563 | SAP NetWeaver AS JAVA XXE Vulnerability | 2296909 | SN-JS-0178-01 |
| CVE-2018-2380 | SAP NetWeaver AS JAVA CRM RCE | 2547431 | SN-JS-0248-01 |
| CVE-2020-6207 | SAP Solution Manager (User Experience Monitoring) | 2890213 | SN-JS-0312-01 |
| CVE-2020-6287 | SAP NetWeaver AS JAVA (LM Configuration Wizard) | 2934135 | SN-JS-0324-01 |

Protect4S supports this initiative and has created a new security template that will be updated in line with CISA, making it possible for SAP customers to quickly determine whether they comply with this directive.

This new template will be distributed with Protect4S 6 Support Package 2, coming in December.
