Critical security flaw in SAP GUI
An ActiveX vulnerability detected in the SAP GUI may be exploited by an attacker to gain access to critical files and sensitive data. According to an advisory issued by the United States Computer Emergency Readiness Team (US-CERT), the vulnerability can be exploited remotely by an unauthenticated attacker. The flaw is in the ActiveX control MDrmSap, which could crash Internet Explorer when handling malicious code, US-CERT said. The advisory also states that the vulnerable ActiveX control can be disabled in Internet Explorer by setting the appropriate kill bit, or by disabling ActiveX in the Internet Zone.
The Danish vulnerability clearinghouse Secunia gave the flaw a highly critical rating. To exploit the flaw, an attacker must trick a user into viewing a malicious website or email message, Secunia said.
SAP issued an update correcting the flaw. If you don’t have an OSS ID, you can view a PDF copy of the note. However, the one on the SAP site is guaranteed to be up to date, whereas the one here may not be.
List of OSS Notes in a Support Pack
If Project Managers or Developers want to know if a particular OSS note will be implemented by a particular Support Pack, you can direct them (via http://service.sap.com/notes ) to the details of the particular Note. Sometimes, though, there is a large number of OSS notes, or they want to know ALL the Notes implemented in a given Support Pack. You can get this list via the SAP Support Portal. The first step is to search the Software Distribution Centre ( http://service.sap.com/swdc ) for the Support Pack that you wish to list the Notes for.
Note that the Search Term field requires the full name of the Support Pack, in this case SAPKE47080, not KE47080.CAR (which is the name of the download).
Searching for the Support Pack (or a list of Support Packs, if you get the Search Term syntax correct) will produce a formatted list of the Support Pack(s).
You may recognise this screen as one you have used for downloading Support Packs or adding Support Packs to a Download Basket.
If you select the description (I have circled it in red in the screen shot), the browser will open another tab / window that has a hierarchical list of all Notes in the Support Pack. Follow the instructions on this screen to download the list.
Note that if you wish to drill down the hierarchical list, you can do so by selecting the line containing the SAP Component code.
Repeat the search (if necessary) and download steps for each Support Package you need to produce a list for. Please let me know via the comments if this has helped you, if you have any questions about the process, or if you have any other topics you’d like me to write about.