Tuesday, September 6, 2011

SAP BW Security Notes - composite post

This blog post is intended to cover SAP security notes, especially those related to BW. I plan to keep this blog updated with the newest security notes as they are published by SAP.

You can check these notes yourself on the SAP Service Marketplace as follows:

service.sap.com/securitynotes -> SAP Security Notes -> Security Notes Search

Here’s the list:


| Note No | App. area | Short text | Prio | Released On |
|---|---|---|---|---|
|  | BW-BEX-OT-DBIF | Directory traversal in BW | 2 | 09.08.2011 |
|  | BW-BEX-OT | Unauthorized modification of displayed content in BW | 2 | 09.08.2011 |
|  | BW-BEX-OT | Potential disclosure of persisted data in BW RFC | 2 | 09.08.2011 |
|  | BW-PLA-BPS-WIB | Update #1 to Security Note 1482118 | 2 | 15.06.2011 |
|  | BW-BEX-OT | Missing authorization check in BW RFC | 1 | 10.05.2011 |
|  | BW-BCT-ISR | Unauthorized changes and execution in RSBCT_RFASH_ALI | 2 | 10.05.2011 |
|  | BW-WHM-AWB | Missing authorization check in RFC with call transaction | 2 | 08.03.2011 |
|  | BW-BEX-ET-WJR-AD | Potential remote code execution in BW WAD | 2 | 08.03.2011 |
|  | BW-BEX | Update #1 to Security Note 1493268 | 3 | 03.02.2011 |
|  | BW-BEX-OT | Missing authority check in SAP_RSADMIN_MAINTAIN | 2 | 11.01.2011 |
|  | BW-BEX-ET-WEB | Unauthorized modification of displayed content in 3.x BEX | 2 | 14.12.2010 |
|  | BW-BCT-CMS | Generic dataloader missing authority check for BW Objects | 2 | 14.12.2010 |
|  | BW-BCT-BBP | Unauthorized modification of displayed content - Vendor Eval | 2 | 14.12.2010 |
|  | BW-BCT-ISR-PIP | Potential disclosure of persisted data in BW-BCT-ISR-PIP | 2 | 14.12.2010 |
|  | BW-BEX-OT | Unauthorized modification of displayed content in BW | 2 | 14.12.2010 |
|  | BW-BCT-ISR-RSL | RMA authorization check in Check Report BW | 3 | 14.12.2010 |
|  | BW-BCT-GEN | Potential disclosure of data in RS_BCT_CONTTOOLS_ABAP | 2 | 14.12.2010 |
|  | BW-BCT-EPM | Directory traversal/SQL injection in SPM1.0 | 2 | 14.12.2010 |
|  | BW-BEX-OT-OLAP | Directory Traversal in BW OLAP RFC | 2 | 14.12.2010 |
|  | BW-PLA-BPS | Unauthorized modification of displayed content in PLA-BPS | 2 | 09.11.2010 |
|  | BW-BCT-ISR | Sending of sell-through data to SAP DM | 2 | 09.11.2010 |
|  | BW-PLA-BPS | Unauthorized modification of displayed content in CRM-BPS | 2 | 12.10.2010 |
|  | BW-BCT-ISR | Location of the "SAP for Retail - Security Guide" | 6 | 12.10.2010 |
|  | BW-BCT-ISR-RSL | Missing authorization check in RMA Workbench | 3 | 14.09.2010 |
|  | SRM-BW | Vulnerability during dynamic function call without validatio | 2 | 14.09.2010 |
|  | BW-BEX | Unauthorized modification of displayed content in BW | 3 | 14.09.2010 |
|  | BW-BEX-OT-OLAP-AUT | Missing authorization check in RSUDO for "Execute as" | 3 | 10.08.2010 |
|  | BW | Directory Traversal in BW Statistics | 3 | 10.08.2010 |
|  | BW-BEX-OT-OLAP | code injection vulnerability in a BW function module | 3 | 10.08.2010 |
|  | BW-BEX-OT-OLAP | Reflected Cross-site Scripting (BW Document Browser) | 3 | 08.06.2010 |
|  | BW-WHM-DST-AUT | Role template adjustment: S_RS_HYBR, S_RS_LPOA added | 3 | 11.05.2010 |
|  | BW-BCT-ISR-PIP | Potential disclosure of authentication information | 2 | 11.05.2010 |
|  | BW-BEX-ET-WEB | Missing Input Validation in Business-Explorer | 1 | 09.02.2010 |
|  | BW-BEX-ET | Security vulnerability in BEx Tools | 1 | 03.02.2010 |
|  | BW-BEX-OT-DBIF | Missing authorization check in a BW report | 2 | 07.12.2009 |
|  | BW-BEX-ET-WEB | Only unintelligible characters when executing 3.X Web Template | 1 | 23.11.2009 |
|  | BW-BEX-OT-DBIF | Editor without authorization check | 2 | 19.10.2009 |
|  | BW-BEX-ET-WJR-RT | BEx Web 7.0: Display Support Information in Error Pages | 2 | 08.10.2009 |
|  | BW-BEX-ET-WEB | Security note: Cross Site Scripting | 1 | 08.10.2009 |
|  | BW-BEX-OT-MDX | Security note: Buffer Overflow in ODBO Providers | 1 | 08.10.2009 |
|  | BW-WHM | P18:Security Note: Switch RSSM_EXEC_COMMAND to RSBDCOS0 | 3 | 08.10.2009 |
|  | BW-BEX-ET-WJR | Display Stack Trace in Error Pages | 6 | 08.10.2009 |




Legend:
Note priorities (prio):
1 - HotNews
2 - Correction with high priority
3 - Correction with medium priority
4 - Correction with low priority
6 - Recommendations/additional info
