Acknowledgments to Security Researchers - Previous Months
The SAP Product Security Response Team thanks all researchers and security IT professionals that helped with discovering and solving security vulnerabilities. Their findings have helped SAP to maintain...
Acknowledgments to Security Researchers
The SAP Product Security Response Team thanks all researchers and security IT professionals that help with discovering and solving security vulnerabilities. Their findings continuously help SAP...
0-day XSS vulnerability on SAP website put customers’ data at risk of theft...
May 7, Palo Alto, CA. ERPScan's Security Research and Threat Intelligence division has identified an information leak of a highly critical 0-day vulnerability in SAP.com on a public resource. On the 4th of...
Content Server 6.5 + Windows Server 2012 putCert
After installing SAP Content Server 6.5 on Windows Server 2012, on attempting to execute the query putCert to import the certificate (X.509 v3 DSA or RSA), I get an error: "X-ErrorDescription:" Security:...
ME21N restriction by material types
Hi, we would like to restrict ME21N access by material type. I believe this is possible by turning on the authorisation check in SU24 for the ME21N transaction for authorisation object M_MATE_MAR and once...
Need to alert security team every time when a new authorization object is...
Hi, there is a requirement that when a new authorization object is created in SU21, an alert or mail will be sent to the security team every time. Is there any BADI or Exit available to write the code? Or is there...
How to display users with their assigned roles and transaction codes
Good day, I would like to list users with their roles and transaction codes. I do not find any option in SUIM that can display them in a single page where I can print them out easily. Is this possible?...
SAP query
Hi All, We have configured a few queries against 'X' user ID but unfortunately the access to SQVI for 'X' user ID has been revoked. So can anyone let me know whether it is possible to see those queries and the...
Mass Role Deletion
Hi experts, help me if I want to delete a bunch of roles for a single user?
Removal of Developer Key
What is the process to request that SAP remove or deactivate a Developer Key from a specific user so that it is no longer valid or associated with that user? Any input would be most appreciated....
Audit logs not displaying in sm20
Hi all, After the kernel 721_EXT_500 upgrade, I am not able to see Security audit logs in sm20. However, logs are generating at OS level. I have observed after the kernel upgrade at OS level audit file format...
Featured Content in Security
Attack Detection Patterns of SAP Enterprise Threat Detection: Attack detection patterns are what powers the ability of SAP Enterprise Threat Detection to alert you to suspicious activity in your network....
In header of suim we are not getting description for transaction code in...
When we select the Users by Complex Selection Criteria in suim tcode for any transaction code like su01 or FK04 etc., in the header we are not getting the description for the transaction code in selection criteria ....
Chinese attack on USIS using SAP vulnerability – Detailed review and comments
On the 11th of May, a security headline broke out in the news; it was about an attack on USIS (U.S. Investigations Services) conducted potentially by Chinese state-sponsored hackers via a vulnerability in...
Replication or remote RAL logs
Hello experts, We are switching from Seclog to RAL (after an upgrade). In this context our customer has asked us if it is possible to replicate the RAL logs to a remote site, so an internal hacker isn't...
Read Access Logging - Dynpro Configuration Step-by-Step guide
Introduction: Read access logging is one of the powerful tools to secure data. With the help of this SAP out-of-the-box solution, you can monitor data that is being accessed via SAP Dynpro, WebDynpro, RFC...
S_RFCACL not editable in release 701?
Hello, We're currently doing an upgrade from Release 700, SP-Level 014, to Release 701, SP-Level 016. In our CRM system, I'm trying to edit the authorization object S_RFCACL so I can add new SIDs. I'm...
User type changes are not shown in change document
I have observed this strange behavior in my system, the change document is not shown if I run the report for attribute 'user type' when the user type has actually been changed. This happens for...
Best way to control display authorizations to GOS (attachment list) in XK03
Hello All, Purpose: Prevent users from accessing confidential attachments in XK03 which contain bank account details, SSN etc. I tried to check through all existing forums, solutions etc. but please...
Role Comparison Cross System - alternatives to RSUSR050
Hello Experts, Would there be an alternative for cross-system role comparison outside of using RSUSR050? We have a variety of landscapes and are on different basis levels... SAP notes have corrected all...