Skip links
🔥🔥🔥 Join us for our upcoming training session at Black Hat MEA: "Securing SAP Systems: Expert Insights and Penetration Testing Techniques" 🛡️🔍

Security Note Introducing WSDL security in Java AS 7.20, SAP security note 1428117


WSDL security was introduced in SAP Java AS 7.20 SP0 providing authentication control to access a WSDL via HTTP. As of 7.20 SP3 this was extended with authorization control as well, requiring UME roles “Administrator”, “WSDL_Viewer” or any other role with assigned action “WSDL_Visualization” in order to access WSDLs via HTTP.

NOTE: By default WSDL security is disabled. This guarantees backwards compatibility and lack of side effects on already running scenarions.

Available fix and Supported packages

  • ENGINEAPI | 7.20 | 7.20
  • J2EE-FRMW | 7.20 | 7.20

Affected component



Score: 0


Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.




How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer