Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Authorized access to SAPHTTP, SAP security note 1391464


The settings defined for SAPHTTP does not include authorization checks based on user or based upon the source of request. No authorization checks are performed in the system while starting of the external program SAPHTTP.
Every ABAP installation would have the external program SAPHTTP.
To ensure system security,authorized access to this program is necessary and can be achieved by implementing this note. These settings need to be maintained regardless of whether SAPHTTP is used or not.

Available fix and Supported packages

  • SAP_BASIS | 46B | 46D
  • SAP_BASIS | 610 | 640
  • SAP_BASIS | 700 | 702
  • SAP_BASIS | 710 | 720

Affected component

    File Transfer via FTP


Score: 0


Exploit is not available.
For detailed information please contact the mail [email protected].




More to explorer