Protect4S research found over 100 SAP cybersecurity vulnerabilities

17 January 2023

Top-3 ranking worldwide 

Since the start of Protect4S, we have been committed to making the world more secure. SAP security research is one of the activities that supports this goal. We are therefore proud to announce that since we started doing SAP security research in 2010, the Protect4S Security research team has discovered and reported more than 100 zero-day vulnerabilities in SAP solutions. Even though there are no vendor rewards or bug bounties, and a great deal of volunteer work went into this, we believe this achievement is important and underlines our mission to protect all SAP systems around the world by making SAP cybersecurity software accessible and affordable to everyone. Since 77% of the global transactions revenue touches an SAP system at one point, SAP systems play an important part in the world.

The number of vulnerabilities reported to the SAP Security team ranks Protect4S in a top 3 position worldwide and makes Protect4S an important SAP security partner. With over 100 vulnerabilities reported, Protect4S contributes to securing the SAP ecosystem, SAP products and SAP customers, but also drives innovation and improvement of the SAP security solutions we provide ourselves.  

The Protect4S Vulnerability Management solution offers customers more than 2000 checks to gain deep insight into vulnerabilities and misconfigurations in their SAP systems. Protect4S research led to many SAP Security bug fixes and notes that are taken into account when scanning your SAP landscape with the Protect4S VM solution. Dozens of SAP Security notes, ranging from low-risk notes to HotNews notes with a CVSS score of 9+/10, were created based on findings from Protect4S research.

The recently launched Protect4S Threat Detection solution, which helps customers identify real-time threats occurring in their SAP systems, also benefited from this research. For example, newly discovered SAP default accounts in SAP Solution Manager can be detected when they are used to log on to an SAP system. These accounts were discovered through Protect4S research and are covered by both the Protect4S VM and TD solutions, from a prevention and a detection perspective respectively.

Apart from research on the SAP codebase, Protect4S research has also conducted internet scanning over the years to search for internet-connected SAP systems and report on the findings. This research has since been moved to the Dutch Institute for Vulnerability Disclosure, where some SAP cases have already been picked up. All to underpin our mission to make the world a bit more secure!

Interested in learning how we can help you run your SAP landscape more securely? Please contact us; we are happy to tell you more about our SAP Vulnerability Management and Threat Detection capabilities. For more SAP security-related news, articles, and whitepapers, please follow us on LinkedIn!