Skip links

Security note Delete the file, SAP security note 1324901


After you have successfully completed the installation using SAPinst, the file remains in the system. This file should exist only temporarily for the time period in which the CTC is called by SAPinst without dialogs. After you have completed this installation step, the file is no longer required.

This file is used to exchange information, such as the logon data of all of the user IDs that were created or changed by the installer. The passwords are subject to only a very weak encryption in the file. This was appropriate and sufficient for a very short existence. However, if the file remains on the computer for a longer period of time, it is a security problem if the passwords were not changed again after the installation.

Available fix and Supported packages

  • SAP_BASIS | 700 | 701

Affected component

    Installation Tools (SAP Note 1669327)


Score: 0


Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.




How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies

SAP Security Patch Day RedRays

May 2024 SAP Security Patch Day

Vulnerability: Multiple vulnerabilities in SAP CX Commerce SAP Component: CEC-SCC-PLA-PL CVE ID: CVE-2019-17495 CVSS Score: 9.8 CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Category: Program error