Symptom
Transaction SE16 is a universally applicable function to display any database contents in ABAP systems.
An authorization check against a table authorization group protects the access to this data using this function (authorization object S_TABU_DIS).
If you use transaction SE16 in a certain way, the system may fail to perform this authorization check. This may allow unauthorized access to any sensitive or critical data.
The correction (Support Package or correction instructions) solves this problem.
Risk mitigation before the correction is effective: Limit the access to transaction SE16 (authorization object S_TCODE).
We strongly recommend that customers limit the access to SE16 and implement the correction instruction as soon as possible.
Other terms
Data Browser, SE16
Solution
Use transaction SNOTE to implement the corrections.
Visit https://service.sap.com/sap/support/notes/1133739 for Correction delivered in Support Package and Corrections Instructions
Transaction SE16 is a universally applicable function to display any database contents in ABAP systems.
An authorization check against a table authorization group protects the access to this data using this function (authorization object S_TABU_DIS).
If you use transaction SE16 in a certain way, the system may fail to perform this authorization check. This may allow unauthorized access to any sensitive or critical data.
The correction (Support Package or correction instructions) solves this problem.
Risk mitigation before the correction is effective: Limit the access to transaction SE16 (authorization object S_TCODE).
We strongly recommend that customers limit the access to SE16 and implement the correction instruction as soon as possible.
Other terms
Data Browser, SE16
Solution
Use transaction SNOTE to implement the corrections.
Affected Releases
|
Visit https://service.sap.com/sap/support/notes/1133739 for Correction delivered in Support Package and Corrections Instructions
No comments:
Post a Comment