Thursday, March 10, 2011

Important SAP Security Notes

Collective Security Note: 1394093

1394100 Access to RFC-enabled modules via SOAP
1375125 Report BEFG_TEMPLATE_CREATE must not be used in production
1363371 FS-CD: Missing authorization checks SAPRGEN_CD
1362972 Industry Solution Migration Workbench: Authorization check
1361038 Report RJ-JXINI generates unnecessary source code
1357370 No authorization check for editor
1356215 Missing authorization check in EMMACLS generation program
1355614 IS-M/ PMD: Obsolete source code in master data generator
1237762 ABAP systems: Protection against password hash attacks
821875 Security settings in the message server
2383 Documentation: description of “super user” SAP*
2467 Password rules and preventing incorrect logons
13202 Security aspects in ABAP programming
26909 SE16 – Security
68048 Deactivating the automatic SAP* user
862989 New password rules as of SAP NetWeaver 2004s (NW ABAP 7.0)
874738 New password hash calculation procedure (code version E)
991968 Value list for login/password_hash_algorithm
1023437 ABAP syst: Downwardly incompatible passwords (since NW2004s)
1133739 Security note: Security gap in Data Browser (SE16)
1392352 Cross-site scripting
1388864 ABAP web services authorization check does not work
1388729 SE80 authorization check in RS_TOOL_ACCESS
1375125 Report BEFG_TEMPLATE_CREATE must not be used in production
1363371 FS-CD: Missing authorization checks SAPRGEN_CD
1362972 Industry Solution Migration Workbench: Authorization check
1361038 Report RJ-JXINI generates unnecessary source code
1357370 No authorization check for editor
1356215 Missing authorization check in EMMACLS generation program
1355614 IS-M/ PMD: Obsolete source code in master data generator
1342183 Security information: Transaction FIAAHELP
1340457 Encoding fix for technical hidden fields
1339620 Cross Site Scripting (XSS) in cFolders
1339326 F&R: Remove hardcoded user name branches in code (security)
1336947 Security correction: Username hard coded
1335926 Some Fields are susceptible to Cross-site scripting
1335103 Security correction: removal of hardcoded user names
1334396 Security Checks: Removal of hardcoded user names
1334244 Some Fields are susceptible to Cross-site scripting.
1333668 Security Checks: Model Mix Planning
1330776 Files transferrable to EPS inbox w/o auth.
1329090 Deactivate parameter sap-wd-ssrConsole
1327917 Authorizatn check for transactions FPSEC1/FPSEC2/FPSEC3
1315883 RSUSR003: Standard passwords for hash code versions H and I
1306604 /SAPAPO/MC62 authorization for creating CVCs
1304803 Security note: Changing a transport without authorization
1302928 Field Level Authorizations Not Being Checked in CASE
1298160 Security note: Forbidden program execution possible
1294675 Location: Authorization Check for Planning Version
1294431 Anchor links are generated with unwanted HTTP href address
1292875 Cross Site Scripting (XSS) in cFolders
1287570 BBP_QUOT: Cross-Site Scripting ( XSS )
1275278 Security: HTML Encoding missing over the inputField tooltip
1271688 Security: Authorization check for technical help
1267878 Cross-site scripting error in BBP_POC
1262016 Authorization check for deleting CVCs (/SAPAPO/MC62) 2.
1261319 Help Center user name in the URL
1259881 Prevent “Webadmin” task from system admin
1259414 Cross Site Scripting:PCUI Stored JavaScript Vulnerability
1243004 Security Note: Missing SYSLOG entries for ABAP Debugging
1235367 Authorization check for deleting CVCs (/SAPAPO/MC62)
1232490 Authorization check SE80 for where-used list
1168813 Program DISPLAY_FUNC_INCLUDE
1167258 Program RS_REPAIR_SOURCE
1159009 RSDB2CMD switched to RSBDCOS0
1158063 P18:Security Note:RSSM_EXEC_COMMAND converted to RSBDCOS0
1151557 External theme root not html escaped
1146690 Passwords in SLD ABAP API
1143177 Cache settings incorrect for WebDynpro ABAP
1142067 Missing authorization check for hidden functions
1136823 SOBJ: Display of object directory permits changes
1136770 Security note: ICF system login
1133739 Security note: Security gap in Data Browser (SE16)
1120760 Security note: Missing authorization check for Web services
1115699 CO-OM Tools: SE16N: Adapting to SE16
1085326 Security Note: Check for ‘System -> Status’ (SE80)
1058531 BBPSC: Cross-site scripting error
0957038 Security gap in cross-site scripting
863362 Security checks in the SAP Early Watch Alert

Security Tip: Use RSECNOTE to check automatically for security notes; see SAP Note 888889.
