Skip links
RedRays - Your SAP Security Solution
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Availability of the system audit, SAP security note 754273

Description

The system audit is part of the Audit Information System (AIS). Previously it was only availabe in the SAP software component SAP_APPL (Logistics and Accounting).
Availability is required in all SAP systems (for example, BW, CRM, SEM, and APO). This is achieved by moving the system audit to the SAP_BASIS SAP software component.

What is the Audit Information System (AIS)?

AIS is a tool designed for the internal auditor. It is made up of the AUDIT report tree and contains collection, structuring and default values of SAP standard programs. The approach is geared towards check standards and check requirements.

The AIS targets auditors from the following areas:

  • External audit
  • Tax check
  • Internal auditing/data protection
  • Controlling
  • System audit

Available fix and Supported packages

  • SAP_BASIS | 620 | 640
  • SAP_BASIS 640 | SAPKB64005 |
  • SAP_BASIS 620 | SAPKB62043 |
  • SAP_BASIS 620 | SAPKB62044 |
  • SAP_BASIS 640 | SAPKB64009 |

Affected component

    BC-SEC-AIS
    System Audit Information System

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/754273

TAGS

#AIS
#Audit-Information-System
#Audit-Info-System

More to explorer

SAP Cloud Connector Certificate Validation Issue

February 13, 2024

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,