Skip links

GW Changes to the ACL list of the gateway (secinfo), SAP security note 614971


In the secinfo file, you can define which external programs may be started or which external server programs may be registered on the gateway for up to and including Kernel Release 46D.

As of Release 6.40, the registration of external server programs is to be controlled using a separate file (reginfo). See Note 1069911 for more information.

The file name is defined by the parameter gw/reg_info. The default value for the path of the file is:

If the file does not exist, the system starts all external programs.

However, if the file exists but is empty, or if it does not contain valid lines, you must not start any external programs.

If you want to start an external program, the system searches the file for a valid entry. If it cannot find a valid entry, it refuses to start the external program and issues the following error message:

ERROR   user <usr> is not authorized to start TP <program name> on host

    1. In this case, all programs must be listed separately with the relevant program ID (TP). If the program ID is generated dynamically (for example, for the BeX Analyzer), you can use wildcards (as of a certain patch level, see TP syntax below).
    2. The host name (HOST ) and the host name of the user (USER HOST) must be specified separately. If there are many different hosts, this is very difficult.
    3. In the exceptional case that an external program wants to start another external program and both communications run on the same host, you must enter “local” as the USER-HOST, otherwise a rejection occurs.

Available fix and Supported packages

  • SAP_BASIS | 46B | 46D
  • SAP_BASIS | 620 | 640
  • SAP KERNEL 4.6D_EX2 32-BIT | SP2381 | 002381
  • SAP KERNEL 4.6D_EX2 64-BIT | SP2381 | 002381
  • SAP KERNEL 4.6D_EXT 32-BIT | SP2381 | 002381
  • SAP KERNEL 4.6D_EXT 64-BIT | SP2381 | 002381
  • SAP KERNEL 6.40 32-BIT | SP224 | 000224
  • SAP KERNEL 6.40 32-BIT UNICODE | SP224 | 000224
  • SAP KERNEL 7.00 32-BIT | SP150 | 000150
  • SAP KERNEL 7.00 32-BIT UNICODE | SP150 | 000150
  • SAP KERNEL 7.00 64-BIT | SP150 | 000150
  • SAP KERNEL 7.00 64-BIT UNICODE | SP150 | 000150

Affected component



Score: 0


Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.




How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies