Skip links

RedRays at Black Hat MEA 2023

🔒 “FROM ON-PREMISES TO CLOUD: A COMPREHENSIVE ANALYSIS OF SAP SECURITY ISSUES” 🔒

📅 17:40, Wed, Nov 15
📍 Briefing Stage 4

At the Black Hat MEA conference, our team, including top experts, is set to take the stage. We invite you to join us and delve into the world of SAP security, where we will discuss the risks and threats associated with this system.

📢 In this session, we will explore the security vulnerabilities within the SAP system and the potential risks they pose to companies. The SAP system consists of various components, including SAP HANA, SAP Solman, SAP Cloud Connector, and SAP ME, which are customized to meet the specific requirements of each organization. While some companies utilize SAP’s cloud solutions alongside on-premise solutions, any vulnerabilities or misconfigurations within these components can jeopardize the entire SAP system. We will also delve into two distinct attack vectors that can be exploited to compromise the system’s security.

At the event, the attendees will get an opportunity to listen to the RedRays Lead Security Researcher, Vahagn Vardanian, who will share the findings of the investigation conducted by the RedRays Research and Development Center on the vulnerabilities of the SAP enterprise software.
During the presentation the Proof of Concepts of the following vulnerabilities CVE-2023-0012, CVE-2022-39802, CVE-2021-21480 discovered by our team will be published and other issues such as MS Defender Bypass, Decrypt SAP SSFS, and some SAP Misconfigurations will be discussed.
The vulnerabilities have been reported to SAP and have already been fixed.

🔍 What have we done? Our experts have conducted a thorough analysis of SAP vulnerabilities and will share the results of our research at this conference. You will learn about two unique attack vectors that can pose a threat to SAP system security.

Join us at Black Hat MEA and discover more about securing your company in the world of SAP. Our presentation will be a highlight of the conference, and we look forward to seeing you there!

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies

SAP Security Patch Day RedRays

May 2024 SAP Security Patch Day

Vulnerability: Multiple vulnerabilities in SAP CX Commerce SAP Component: CEC-SCC-PLA-PL CVE ID: CVE-2019-17495 CVSS Score: 9.8 CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Category: Program error