WSDL security was introduced in SAP Java AS 7.20 SP0 providing authentication control to access a WSDL via HTTP. As of 7.20 SP3 this was extended with authorization control as well, requiring UME roles “Administrator”, “WSDL_Viewer” or any other role with assigned action “WSDL_Visualization” in order to access WSDLs via HTTP.
NOTE: By default WSDL security is disabled. This guarantees backwards compatibility and lack of side effects on already running scenarions.
Available fix and Supported packages
- ENGINEAPI | 7.20 | 7.20
- J2EE-FRMW | 7.20 | 7.20
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.