Apply SAP Security Notes to all components?

Dear Forum,
Is it possible to take advantage of exploits in installed components although they're not in use? I mean, when patching SAP Security Notes, does it make sense to patch components which are installed but not in use?
Rough example:
We have a system with 10 components (according to SPAM status) only 7 of these modules are actively used. Should all 10 receive applicable SAP Security Notes, or would it be enough to patch the ones in use?
I hope someone is able to elaborate on this.
Thanks in advance guys,
Kind Regards,
Soren

Hi,
For example, reading a file. Let's say there is a bug in a program which allows a malicious user to read any file on the application server. Obviously, you want to patch this even if that program is not used by normal users. Another example is missing authorization checks for table views. You can have assigned proper authorizations for S_TABU_DIS, but if a malicious user can trick a program without an authorization check into displaying data from any table then you have a problem. A real example could be an issue fixed in note 1558740. Even if you don't use IS-U, those FMs are still in your system.
Don't forget that it's good to have multiple layers of protection. So you keep authorizations tight, but you still patch all security issues.
Cheers
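As an added illustration of the reply's second example (this is example code, not code from the thread, from SAP, or from note 1558740), the report below displays an arbitrary table named on its selection screen. The first form has no authorization check, so whatever S_TABU_DIS values a user's roles contain are simply bypassed and any table can be read; the second form resolves the table's authorization group from TDDAT and runs an AUTHORITY-CHECK on S_TABU_DIS before reading. The report name, the form names and the 100-row limit are assumptions made for this example.

```abap
*&---------------------------------------------------------------------*
*& Added example, not from the thread: generic table display with and
*& without the S_TABU_DIS check the reply describes. Report and form
*& names are assumptions made for this illustration.
*&---------------------------------------------------------------------*
REPORT z_tabdisp_example.

PARAMETERS p_tab TYPE tabname OBLIGATORY.

*----------------------------------------------------------------------*
* Vulnerable form: no AUTHORITY-CHECK. Anyone who can run the report
* reads any table, regardless of the S_TABU_DIS values in their roles.
* This is the shape of program the reply warns about.
*----------------------------------------------------------------------*
FORM display_unchecked USING iv_tab TYPE tabname.
  DATA lr_data TYPE REF TO data.
  FIELD-SYMBOLS <lt_data> TYPE STANDARD TABLE.

  CREATE DATA lr_data TYPE STANDARD TABLE OF (iv_tab).
  ASSIGN lr_data->* TO <lt_data>.
  SELECT * FROM (iv_tab) INTO TABLE <lt_data> UP TO 100 ROWS.
  " ... rows would be listed here; output omitted
ENDFORM.

*----------------------------------------------------------------------*
* Hardened form: resolve the table's authorization group (TDDAT-CCLASS)
* and check S_TABU_DIS for display (ACTVT 03) before touching the data.
*----------------------------------------------------------------------*
FORM display_checked USING iv_tab TYPE tabname.
  DATA lv_group TYPE tddat-cclass.
  DATA lr_data  TYPE REF TO data.
  FIELD-SYMBOLS <lt_data> TYPE STANDARD TABLE.

  " Authorization group maintained for the table (SE54 / SE11)
  SELECT SINGLE cclass FROM tddat INTO lv_group
    WHERE tabname = iv_tab.
  IF sy-subrc <> 0.
    " Tables without a maintained group fall into &NC& (not classified)
    lv_group = '&NC&'.
  ENDIF.

  AUTHORITY-CHECK OBJECT 'S_TABU_DIS'
    ID 'DICBERCLS' FIELD lv_group
    ID 'ACTVT'     FIELD '03'.
  IF sy-subrc <> 0.
    " Type E on a report terminates processing; nothing is read
    MESSAGE 'No authorization to display this table' TYPE 'E'.
  ENDIF.

  CREATE DATA lr_data TYPE STANDARD TABLE OF (iv_tab).
  ASSIGN lr_data->* TO <lt_data>.
  SELECT * FROM (iv_tab) INTO TABLE <lt_data> UP TO 100 ROWS.
  " ... output omitted
ENDFORM.

START-OF-SELECTION.
  " Only the checked variant should be reachable in a productive report
  PERFORM display_checked USING p_tab.
```

The inline AUTHORITY-CHECK is used here to make the missing step visible; SAP also ships function module VIEW_AUTHORITY_CHECK, which wraps this group check together with the table-name-based S_TABU_NAM check and is the usual call in custom table-display programs. The point of the reply stands either way: the role assignment on S_TABU_DIS only protects data if every program that reads tables actually performs the check, which is why a correction to an unused program still matters.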

Similar Messages

  • Do SAP Security Notes contain hacker and/or virus defence?

    Dear SCN fellows,
    I am new to this community and generally new to asking for SAP help in discussions and blogs.
    I need some advice on whether SAP Security Notes contain hacker and/or virus defences?
I am investigating a company's SAP Security settings against its policy and global market standards. I have identified that since our SAP rollout, SAP Security Note patches have not been maintained. RSECNOTE provides a large list of missing security notes. I'm writing a report and want to confirm whether these notes offer any advice, support or notification of hacking or viruses. Similar to Internet security software, I guess.
Can anyone advise if my thoughts and questioning are heading in the right direction, or have I got the concept of SAP Security Notes completely wrong?
    Thank you kindly.
    Paul

    Hi Paul,
    I need some advice on whether SAP Security Notes contain hacker and/or virus defences?
SAP releases respective security notes as per the loophole identification. Once you run RSECNOTE you get the list of all notes applicable to your software release.
Applying these notes will help you to remove the vulnerability SAP identified, so yes, they contain the solution to remove the vulnerability.
I'm writing a report and want to confirm whether these notes offer any advice, support or notification of hacking or viruses. Similar to Internet security software I guess.
Could you please elaborate? It is not that clear to me.
    BR,
    Mangesh

  • SAP Security Note 1487730

Last week we saw SAP releasing its SAP Security Notes as per its SAP Security Patch Day practice.
One of the notes released was related to a BUG FIX in a Kernel as per note 1487730
    https://websmp130.sap-ag.de/sap/support/notes/1487330
Now the issue goes this way.
We are on Kernel 7.01 SP Level 79.
According to the NOTE we need to be at least on SP Level 103.
When I check at the Marketplace I can only find SP Level 111, which is the latest and was released on 14.10.2010, i.e. 2 days after the NOTE was released.
Apparently we follow a rule of thumb here to implement the Kernel which is lower than the latest Kernel.
The issue is I can't find Kernel SP Level 103.
Is it safe to go for SP Level 111?
    Our Database is ORACLE 10.2.0.4
    OS PLatform :- Solaris Sparc 64- Bit NON UNICODE
    Regards,
    Ashish .A. Poojary
    Edited by: Ashish Poojary on Oct 21, 2010 7:10 AM

    Hi Ashish,
Generally the rule of N - 1 is followed for SAP application patches and not for the kernel.
You can go for the latest kernel; it will not be any problem.
    Thanks
    Anil

  • SAP job not using all dialog processes that are available for parallel processing

Hi Experts,
    The customer is running a job which is not using all the dialog processes that are available for parallel processing. It appears to use up the parallel processes (60) for the first 4-5 minutes of the job and then maxes out about 3-5 processes for the remainder of the job.
    How do I analyze the job to find out the issue from a Basis perspective?
    Thanks,
    Zahra

    Hi Daniel,
    Thanks for replying!
I don't believe it's a standard job.
    I was thinking of starting a trace using ST05 before the job. What do you think?
    Thanks,
    Zahra

  • 2LIS_04_P_COMP is not fetching all components

    Hi,
    We are extracting data from 2LIS_04_P_COMP. We have installed Business content and no restrictions when loading data from R/3 to BW.
    I am reconciling the data and identified that most of the records displayed in MB51 (Movement type 261) are not coming in to BW.
    I am reconciling Component Consumption Quantity (ENMNG-Qty withdrawn) in BW with R/3 but most of the records are missing in BW and not able to find the root cause.
I heard that 2LIS_04_P_COMP extracts only Movement type 261. In fact, all the components which have movement type 261 are also not coming to BW when compared to transaction MB51.
    Can you please help me why there is a difference between BW with R/3?
    Regards,
    Reddy

    Hi,
Please check whether you have carried out the settings in OPL5 as per the document below.
    http://wiki.sdn.sap.com/wiki/display/BI/LogisticExtractor-2LIS_04_P_MATNRIssueand+solution
    These settings are generic for Shop Floor control.

  • SAP Security Notes: ABAP and Kernel Software Corrections

    Hi all,
    I have a quick question, hopefully it's just as quick an answer.
    Under the Early Watch section in the title it states
    Security-related SAP Notes cannot be checked because the results of the RSECNOTE tool are missing.
    What does this actually mean and how do I make the results of RSECNOTE available to the early watch report?
It says this in all my systems. I can run the tool via ST13 or SE38 > RSECNOTE manually, but surely it must be referring to some automated results.
    Thanks
    Craig

Sorry, but this note is not relevant; we are using ST-A/PI 01Q_700 SP2 (SAPKITAB7L).
It also refers to RSECNOTE not existing in the system. As I mentioned, the tool exists and I can run it manually, but as noted the Early Watch report states
    Security-related SAP Notes cannot be checked because the results of the RSECNOTE tool are missing.
    Suggesting that somehow results of the tool are held somewhere and are read by the Early Watch report processing. So my question still stands, how are these results made available to the Early Watch report, what batch job needs to be running on a regular basis for this to work?
    The very first sentence after the section says
    You have marked 2 security-related SAP Notes as not to be considered.
    So it must be reading this from somewhere!
    Thanks
    Craig

• SQL Server 2008 R2 Replication - not applying snapshot and not updating all replicated columns

We are using transactional replication on SQL Server 2008 R2 (SP1) using a remote distributor. We are replicating from BaanLN, which is an ERP application, to up to 5 subscribers, all using push publications.
    Tables can range from a couple million rows to 12 million rows and 100's of GBs in size. 
    And it's due to the size of the tables that it was designed with a one publisher to one table architecture.  
Until recently it has been working very smoothly (last four years), but we have come across two issues I have never encountered.
While this has happened a half dozen times before, it last occurred a couple weeks ago when I was adding three new publications, again a one table per publication architecture.
    We use standard SS repl proc calls to create the publications, which have been successful for years. 
    On this occasion replication created the three publications, assigned the subscribers and even generated the new snapshot for all three new publications. 
However, while it appeared that replication had created all the publications correctly from end to end, it actually only applied one of the three snapshots and created the new table on both of the new subscribers (two on each of the publications). It only applied the snapshot to one of the two subscribers for the second publication, and did not apply it to any on the third.
    I let it run for three hours to see if it was a back log issue. 
Replication was showing commands coming across when looking at the sync verification at the publisher, and it would even successfully pass a tracer token through each of the three new publications, despite there not being tables on either subscriber on one of the publishers and missing on one of the subscribers on another.
I ended up attempting to reinitialize roughly a dozen times, spanning a day, and one of the two remaining publications was correctly reinitialized and the snapshot applied, but the second of the two (failed) again had the same mysterious result, and again looked like it was successful based on all the monitoring.
    So I kept reinitializing the last and after multiple attempts spanning a day, it too finally was built correctly.  
Now the story gets a little stranger. We just found out yesterday that on Friday the 17th at 7:45, the approximate time we started the aforementioned deployment of the three new publications, we also had three transactions from a stable and vetted publication send over all changes except for a single status column.
This publication has 12 million rows and is very active, with thousands of changes daily.
The three rows did not replicate a status change from a 5 to a 6.
We verified that the status was in fact 6 on the publisher, and 5 on both subscribers, yet no messages or errors. All the other rows successfully updated.
    We fixed it by updating the publication from 6 back to 5 then back to 6 again on those specific rows and it worked.
    The CPU is low and overall latency is minimal on the distributor. 
    From all accounts the replication is stable and smooth, but very busy. 
The issues above have only recently started. I am not sure where to look for a problem, and to that end, a solution.

I suspect the problem with the new publication/subscriptions not initializing may have been a result of timeouts, but it is hard to say for sure. The fact that it eventually succeeded after multiple attempts leads me to believe this. If this happens again, enable verbose agent logging for the Distribution Agent to see if you are getting query timeouts. Add the parameters -OutputVerboseLevel 2 -Output C:\TEMP\DistributionAgent.log to the Distribution Agent Run Agent job step, rerun the agent, and collect the log.
If you are getting query timeouts, try increasing the Distribution Agent -QueryTimeOut parameter. The default is 1800 seconds. Try bumping this up to 3600 seconds.
    Regarding the three transactions not replicating, inspect MSrepl_errors in the distribution database for the time these transactions occurred and see if any errors occurred.
Brandon Williams (blog | linkedin)

  • Opening XLF Loading components .. Does not load all components

    Hi
When I try to open a dashboard XLF file, a dialog box appears "Opening file / Loading components", but the status bar does not reach the end of the process and complete. I could see all the components in the preview. In the object browser I did not see all the components, and this leads me to think that all the objects were not indeed loaded. This is happening just recently on this XLF. Due to this I am unable to tweak the XLF for enhancements.
    Any remedies welcome!
    Edited by: Raja Bandla on Sep 2, 2011 10:32 PM

    Hi
Try this once:
Go to File -> Document Properties -> check the "Show Loading Status" box.
If you still are not getting it with this,
then check the Excel INDEX/MATCH functions.
If you are extensively using INDEX/MATCH functions within the Excel spreadsheet, opt for a selector component with the 'Filtered rows' option under the Data Insertion Type.
I hope it helps you.

  • Applying sap correction notes

I want to apply a note, but when downloading it with SNOTE it tells me it has no corrections to apply, yet I should apply its corrections (manually, I suppose). How can I do it?
Thanks. I have heard something about SAP Manager. Should I use it now?

Please check if the correction instructions of this note are valid for your release (your release can be seen in System -> Status).
The note is not relevant if your system is at a higher version than the release of the note.
Sometimes, the note is already imported into your system.

• In SOLMAN after applying security notes warnings are coming

    Hi All,
    Please help here
We have applied some security notes in SOLMAN Dev and made the TR for the same.
After importing the TR in Live we are getting a warning.
The log detail is as below:
    Post-import method SCWN_AFTER_IMP_METHOD started for NOTE L, date and time: 2010111705264
    Beginn: After import method for SAP Note 0001379987
    No release data for Note 0001379987 in the data file in the request
    End:    After import method for SAP Note 0001379987
    Beginn: After import method for SAP Note 0001380710
    No release data for Note 0001380710 in the data file in the request
    End:    After import method for SAP Note 0001380710
    Beginn: After import method for SAP Note 0001381719
    No release data for Note 0001381719 in the data file in the request
    End:    After import method for SAP Note 0001381719
    Beginn: After import method for SAP Note 0001402132
    No release data for Note 0001402132 in the data file in the request
    End:    After import method for SAP Note 0001402132
    Beginn: After import method for SAP Note 0001412774
    No release data for Note 0001412774 in the data file in the request
    End:    After import method for SAP Note 0001412774
    Beginn: After import method for SAP Note 0001430970
    End:    After import method for SAP Note 0001430970
    Execution of programs after import (XPRA)
    End date and time : 20101117052647
    Ended with return code:  ===> 4 <===
We checked and could see that these SAP Notes appearing in the warning message have been implemented in our Dev and Live successfully,
but still the warning is coming.
Please help here to avoid these warnings.
    Regards,
    Vyash

    Hi,
Regarding the message "No release data for Note XXXXXXXXX in the data file in the request":
You can normally ignore this warning.
The warning's meaning:
When a Note (R3TR NOTE) is transported, the release data for the software components affected by the Note is normally transported too. If a transport request contains several Notes, however, the release data is only transported with one of the Notes, and not with all of them. When a transport request containing several Notes is imported, the system issues a warning for all Notes that do not have release data transported with them.
If the system issues this warning for all Notes during a transport request import, however, this might mean that the data in the target system is incomplete. If this is the case, the system will issue an error message when the imported Notes are displayed with transaction SNOTE.
You can solve this display problem by downloading one of the Notes again from SAP Service Marketplace. The functionality of your system is in no way impaired.
I hope the above information is helpful to your situation.
    Kind regards,
    Fabricius

  • SGEN through all components does not help preventing compiling

    Hello
We run SGEN through all components after applying Basis support packages.
However, the system is still compiling. What could be the reason? Did anyone encounter the same problem? How do I solve this?

    Hi Tina,
If you haven't done so yet, please have a look at SAP Note 481548.
    Hope this helps.
    Regards
    Bernd

  • On my MacBook with Lion Safari does start, does not react immediately after trying to open it. Installing a new Safari does not help. Removing parts of Safari in the Library did not help. Where can I find and remove all components (LastSession ...)?

    How can I reset Safari with all components? On my MacBook with Lion, Safari does not start, does not react immediately after trying to open it. Installing a new Safari does not help. Removing parts of Safari in the Library does not help. Where can I find and remove all components as LastSession and TopSites?

    The only way to reinstall Safari on a Mac running v10.7 Lion is to restore OS X using OS X Recovery
Instead of restoring OS X in order to reinstall Safari, try troubleshooting extensions.
From the Safari menu bar click Safari > Preferences, then select the Extensions tab. Turn that OFF, then quit and relaunch Safari to test.
If that helped, turn one extension on, then quit and relaunch Safari to test, until you find the incompatible extension, then click Uninstall.
    If it's not an extensions issue, try troubleshooting third party plug-ins.
Back to Safari > Preferences. This time select the Security tab. Deselect "Allow plug-ins". Quit and relaunch Safari to test.
    If that made a difference, instructions for troubleshooting plugins here.
    If it's not an extension or plug-in issue, delete the cache.
Open a Finder window. From the Finder menu bar click Go > Go to Folder.
Type or copy and paste the following:
    ~/Library/Caches/com.apple.Safari/Cache.db
    Click Go then move the Cache.db file to the Trash.
    Quit and relaunch Safari to test.

  • How do I apply SAP's mantra, "Run Like a Factory" to my Basis/Security team?

    I will preface this by stating that I am a newbie to SAP, and I am not technical. Currently I manage a Basis/Security team, albeit understaffed.
    For the past 5 years I have been charged to:
    Organize the team into a highly-performing department. (Done!)
    Leverage existing SAP (and non-SAP) tools to drive up the performance and availability of our SAP landscape. (Currently on SolMan 7.1, SP12. Early Watch reports for 17 instances. Crank out CQC's like they are free candy)
    Take full advantage of our SAP Enterprise Support. (Monthly calls with our Ent. Support Advisor. Burn through our EGI's, AEI's, and Road Maps. Training curriculum built around the Ent. Support Academy offerings, etc.)
    But there is a part that is missing, and this is where I need guidance. What I am referring to is the integration and synchronization of my team with the abundance of proactive services of SAP's MarketPlace (MP) and Enterprise Support (ES). Here is what I mean:
So I am subscribed to umpteen SAP "MP" & "ES" newsletters and RSS feeds, I occasionally browse the Security Portal (because I can't find where to subscribe to an RSS feed), I receive the "SAP Support Notification" email every couple of days, I am connected to their social media presence, and there are a few other communication channels I am connected to. But from all of this what I am missing is... Continuity!
I have had this nagging feeling that I am missing, or am not yet fully aware of, some basic elements within the "MP" or "ES" that I need to address so that the steady flow of information from these channels is relevant and substantial. Here is my best example:
Every few days I receive the "SAP Support Notification" email. At first the email was basically empty. I figured out that I had to choose my instances within my subscription so that I receive relevant information. I accessed my instance list and found it was a mess. So I had my architect remove all obsolete instances. The contents of the email are now more substantial, but there is more to the email that I don't understand the relevance of.
Another example is the SAP Security Portal. I can't figure it out. Updates, announcements, etc. aren't sent out. I have to remind myself to visit the Portal.
    I have a few more examples, but this post is already too long. I need help with the manipulation of the basic elements of "MP" and "ES" to start receiving more substantial, and actionable, proactive support. Once I have this I can integrate this support into the daily administration of my SAP ecosystem, as well as define KPI's and metrics to strive for improved performance and availability.
    So what am I missing?

    Hi Pete,
This is a great discussion item, and I am glad that you brought it up! There is a lot of information out there, and how to siphon it so it relates to you is definitely something that is important.
A couple of points/questions on the above, and then some information that may help future-wise.
There are many notifications within the SAP Support Portal that you can subscribe to. Some require filters, some are based on 'subscribing' to Spotlight News or to specific notes and KBAs. Happy to set up some time with you to go through these in detail.
    What is the URL to the SAP Security Portal you mention?  Are you referring to this area: https://support.sap.com/kb-incidents/notifications/security-notes.html?
    Future direction is focusing on personalizing your experience within the portal.  Giving you what you need, when and how you prefer.  We can chat on that as well.
    Feel free to reach out to me directly.
    Cheers,
    Kristen

  • Regarding applying SAP Note 1172084

    Hi all,
I have applied SAP Note 1172084 - PKMC: Dump DYNPRO_NOT_FOUND for control cycles of type SeqJC through SNOTE, as we are receiving the runtime error Dynpro Not Found... Even though it didn't solve our problem...
I read on some site that if any changes are done to the screen, we need to manually apply the note (i.e. not through SNOTE), but I didn't find any program or function module in the source code mentioned by the note...
Could you please help in solving the problem?
    Thanks,
    Subbu

> I read on some site that if any changes are done to the screen, we need to manually apply the note (i.e. not through SNOTE), but I didn't find any program or function module in the source code mentioned by the note...
There are corrections in the note; if you scroll down to "correction instructions" for your release and open it, there are 4 program changes displayed.
If you can apply the note via SNOTE and the program is still dumping, I'd open an OSS call.
    Markus

• Does an SAP upgrade cover previous security notes?

Hi, I am a beginner in the security field and have this confusion. I am using Solution Manager to find out missing security notes from my system. Should I filter the result and implement security notes that have been released after the date of the upgrade, or should I include all security notes, including those notes released before the upgrade date?
    Thank You..

In addition to the list of security notes at https://service.sap.com/securitynotes you should have a look at the Security Patch Process FAQ as well.
    Concerning your question:
    Yes, all security corrections of SAP are part of a Support Package.
    But there exist some pitfalls:
By the time you have finally upgraded your production system, it is already some months old compared with the corresponding development close date for the support package at SAP. Therefore you will always find some new security notes -> Use the Maintenance Optimizer to find new security notes while you are preparing the upgrade, and the application System Recommendations monthly.
Several security notes contain manual instructions to configure the system (e.g. concerning profile parameters, RFC Gateway access control lists or logical filenames), which are valid for the new support package. -> I recommend skipping any date selection while searching for security notes. (Use a date interval only if you explicitly want to have a look, e.g. at the notes of the most recent patch day.)
    Kind regards
    Frank
