SAP Note 1330776 - Security note: Files transferrable to EPS inbox w/o auth.

Symptom

Due to a missing authorization check in an RFC-enabled function module, if certain prerequisites are met, you can place files in the EPS inbox without authorization.


Other terms
EPS, SPAM, Transport Management System, TMS, upgrade


Reason and Prerequisites
This problem is caused by a program error.


Solution
Import the Support Package or implement the correction instructions. If you cannot do this or if this takes a long time, you can also set the directory <transport directory>/EPS/in to read-only. If you want to import Support Packages or perform upgrades, you must provide this directory with write authorization for the SAP system.

Affected Releases

Software Component Release From Release To Release And subsequent SAP_BASIS 46 46A 46D   SAP_BASIS 60 610 640   SAP_BASIS 70 700 702   SAP_BASIS 71 710 711

Correction delivered in Support Package

Support Packages Release Package Name SAP_BASIS 46C SAPKB46C59 SAP_BASIS 620 SAPKB62066 SAP_BASIS 640 SAPKB64025 SAP_BASIS 700 SAPKB70020 SAP_BASIS 701 SAPKB70105 SAP_BASIS 702 SAPKB70203 SAP_BASIS 710 SAPKB71009 SAP_BASIS 711 SAPKB71103

Corrections Instructions

Correction Instruction Valid from Valid to Software Component Last Modifcation 747984 46C 710 SAP_BASIS 17.04.2009  08:44:41 747986 700 711 SAP_BASIS 17.04.2009  08:44:55