IGS: Vulnerability "security hole in level 3"

Similar Messages

• IGS: Vulnerability (security hole in level 3 was found)

  Hi!
  We are using SAP ERP 6.0 system with an ingetrated IGS 7.0
  We already changed IGS according to sap note 896400 to the version 7.00 (Patch 15)
  When we run scan on demand we get the following information: 
  A security hole in level 3 was found at server ServerX.
  Vulnerability-Level [highest]: 3
  Vulnerability-Level [highest counted]: 0
  Vulnerability Details
  Date: Sun 10 May 2009  1:26:13 MET
  Vuln: 300803
  Vulnerability: SAPXPG Remote OS Command Execution at sysnr 3
  ToDo: Set up a project to implement access restriction rules to RFC programs
  with the 'secinfo' and 'reginfo' (only available in SAP Netweaver) mechanism
  CertRef: M906071, SAP 30/08
  Tool Reference: proprietary CERT and IPINS scanner
  Comment:
  Counted in: 2009-07
  Monitor:
  Date: Sun 10 May 2009  1:26:17 MET
  Vuln#: 100806
  Vulnerability: External Server Registration is possible at sysnr 3
  ToDo: Secure remote registration of RFC programs (only possible in SAP Basis
  7.00 and later)
  CertRef: M906071
  Tool Reference: proprietary CERT and IPINS scanner
  Comment:
  Counted in: 2009-07
  Monitor:
  Date: Sun 10 May 2009  1:26:17 MET
  Vuln#: 101802
  Vulnerability: IGS HTTP Administration is enabled and this version has
  reported vulnerabilities at sysnr 3
  ToDo: Upgrade to a higher patch level, i.e., for BC-FES-IGS 6.40 Patch Level
  17 or higher and for  BC-FES-IGS 7.00 Patch Level 07 or higher
  CertRef: SAP 34/09
  Tool Reference: proprietary CERT and IPINS scanner
  Comment:
  Counted in: 2009-07
  Monitor:
  End of Vulnerability Details
  Question:
  What we have to do to avoid s security holein level 3?
  Thank you very much!
  regards

  Do you solved tye probllem below. ???  Can you help me.
  I have the same problem.
  What the format of secinfo, reginfo and what value to to profile gw/reg_no_conn_info ??
  Thanks,
  Vulnerability Details
  Date: Sun 10 May 2009 1:26:13 MET
  Vuln: 300803
  Vulnerability: SAPXPG Remote OS Command Execution at sysnr 3
  ToDo: Set up a project to implement access restriction rules to RFC programs
  with the 'secinfo' and 'reginfo' (only available in SAP Netweaver) mechanism
  CertRef: M906071, SAP 30/08
  Tool Reference: proprietary CERT and IPINS scanner
  Comment:
  Counted in: 2009-07
  Monitor:

• SSL Security Hole in Safari 3

  I noticed a security hole in Safari 3.2.2 regarding a webpage delivered over SSL when including content from a non-secure location. Ironically, I found this in the developer login for the iPhone developer login.
  The login page, which shows as being on a SSL page with an https delivery is trying to load images, such as http://devimages.apple.com/login/images/hero.png. Notice that it is asking from the non-SSL http site.
  Under the new IE8, it is now warning about this issue and gives option to block or not block the non-secure content.
  Under Safari, it shows without warning.
  The risk of displaying mixed content is that a non-secure webpage or script might be able to access information from the secure content, creating a security hole.
  Running Safari under Vista Business X64
  Lance

  Do you solved tye probllem below. ???  Can you help me.
  I have the same problem.
  What the format of secinfo, reginfo and what value to to profile gw/reg_no_conn_info ??
  Thanks,
  Vulnerability Details
  Date: Sun 10 May 2009 1:26:13 MET
  Vuln: 300803
  Vulnerability: SAPXPG Remote OS Command Execution at sysnr 3
  ToDo: Set up a project to implement access restriction rules to RFC programs
  with the 'secinfo' and 'reginfo' (only available in SAP Netweaver) mechanism
  CertRef: M906071, SAP 30/08
  Tool Reference: proprietary CERT and IPINS scanner
  Comment:
  Counted in: 2009-07
  Monitor:

• Potential Security Hole with 802.1x and Voice VLANs?

  I have been looking at 802.1x and Voice VLANs and I can see what I think is a bit of a security hole.
  If a user has no authentication details to gain access via 802.1x - i.e. they have not been given a User ID or the PC doesn't have a certificate etc. If they attach a PC to a switchport that is configured with a Voice VLAN (or disconnect an IP Phone and plug the PC direct into the switchport) they can easily see via packet sniffing the CDP packets that will contain the Voice VLAN ID. They can then easily create a Tagged Virtual NIC (via the NIC utilities or driver etc) with the Voice VLAN 802.1q Tag. Assuming DHCP is enabled for the Voice VLAN they will get assigned an IP address and have access to the IP network. I appreciate the VLAN can be locked down at the Layer-3 level with ACL's so any 'non-voice related' traffic is blocked but in this scenario the user has sucessfully bypassed 802.1x authentication and gain access to the network?
  Has anyone done any research into this potential security hole?
  Thanks
  Andy

  Thanks for the reply. To be honest we would normally deploy some or all of the measures you list but these don't around the issue of being able to easily bypass having to authenticate via 802.1x.
  As I said I think this is a hole but don't see any solutions at the moment except 802.1x on the IP Phone, although at the moment you can't do this with Voice VLANs?
  Andy

• Adobe Flash security hole

  As we all now, there's a huge security hole in flash. It's not a question, what to upgrade urgently in 32-bit systems, but the crap company Adobe didn't provide us a 64bit version of this new flash beta. The question is: In 64bit systems wouldn't it be better to package the nspluginwrappered nonsecholed version of flash? Or would it be too difficult, and it would even need a wiki entry? And from about when will be secure packages of flash will be available from arch repositories?

  berbae wrote:It's not clear to me why nspluginwrapper would be needed, because there is in AUR the package lib32-flashplugin-prerelease 10.1.53.64-8, which has less dependencies.
  Cannot that package work on x86_64 arch without nspluginwrapper, if all the needed lib32 libraries are installed ?
  Please can someone give me explanations, thanks.
  Already try that one. In short: it doesn't work.
  Apparently, 64bit Firefox could not recognize 32bit plugin, even if all the necessary lib32 packages are installed, which is why we need nspluginwrapper to act as a "middle man" between Firefox and Flash (someone please correct me if I'm wrong on this).
  Anyway, don't let the huge dependency list scares you, both nspluginwrapper-debian and nspluginwrapper-flash-prerelease combined requires roughly the same dependencies as lib32-flashplugin, it's just that PKGBUILD of nspluginwrapper-debian listed all dependencies, while lib32-flashplugin only list the highest level ones.
  If you don't believe me, try issuing the following command (which is the dependencies of lib32-flashplugin):
  lib32-libxt lib32-gtk2 lib32-nss lib32-curl
  and take note that it pulls in roughly the same number of packages that nspluginwrapper-debian package requires.
  Last edited by zodmaner (2010-06-14 11:31:44)

• WRT55AG - Denial Of Service / security hole, and other issues

  Im using a V2 of the WRT55AG using 1.79 firmware.
  I suffered many perplexing issues when connected directly to my cable modem.
  1 It would lock up and no data transversed it
  2 Its web interface would no longer exist
  3 Some types of data would be blocked
  4 It would stop doing DHCP
  5 Ping times to it from the LAN side would increase in 1 minute intervals for hours or until power cycled
  6 Data rates would slow randomly.
  These problems would occur separately and in combinations. They would occur randomly but some issues would occur daily.
  Left alone the router would 100% lock up in a matter of days. This occurred 100% of the time.
  Rebooting was a daily and sometimes hourly ritual.
  After reading in many forums of the known issues with this router I purchased a BEFSR41 as replacement.
  ALL of my problem were gone. This of course isolated the issues I was having to the WRT55AG.
  I then hooked up the WRT55AG _after_ the BEFSR41.
  The problems with the WRT55AG disappeared. Completely. It suddenly worked for weeks perfectly.
  I then tried setting the BEFSR41's DMZ to the IP of the WRT55AG exposing the WRT55AG to the net directly.
  The issues returned.
  So the WRT55AG is crashing and suffering from various problems because of some hostile internet packets. Effectively it suffers major security issues and a denial of service from something that is present from the internet. I did not isolate what ports+packets were causing the DOS condition.
  Im sure the WRT55AG has some code that is vulnerable to attack because it crashes when exposed to the net. This is a serious issue.
  This is a sad state of affairs. I paid good money for the router. Its too late to get my money back. I would settle for a 802.11A WAP.
  I want a *FIX* for the obvious security hole that could expose anyone on the LAN side of the wrt55AG router to attack if the router/firewall is compromised. I want my WRT55AG to work as intended or at least as well as the BEFSR41 I own.
  I also feel if the source code was still open, then these problems would not exist. At the very least, some other 3rd party version of firmware would be available that would work in the router and any issue would get prompt attention and a quick solution from a open source team. The decision by Linksys to move away from open source firmware will erode the quality of the brand by making products less reliable.
  WHEN will a new version of the firmware be available for the WRT55AG ?
  If not how do I go about returning a well documented defectively engineered product for a product that works ?

  I would like to see a update to fix the various issues with this router. When will this be available ?
  -OR-
  If this product is considered End Of Life, I would like to get confirmation that no future firmware update will occur.
  As this product was defective out of the box and has never been fixed, I would like a replacement product please. My serial number is # MDJ106802225
  Message Edited by Xymox on 08-13-2008 11:28 AM

• MS Office secretly connects to my Mac and scans my activity. How??? Security hole? Exploitable by hackers?

  I have a strange problem. All by itself it's not so serious, but it concerns me that it reveals a security hole which can be exploited by hackers.
  I may be over-reacting, so any reassurance or explanation would be appreciated.
  Here's the situation:
  I have a MacBook Pro running OSX 10.6.5. I also have a new MacBook Air also running 10.6.5. I recently used Migration Assistant to move all my applications from the MacBook Pro to the MacBook Air. The migration worked fine with one very troubling exception.
  One of the applications that got migrated was MS Office 2008 (MSWord, Excel, etc.). When I just had my MacBook Pro, MS Office worked fine. Also, now, if my MacBook Pro is turned off and I'm just using my Air, MS Office again works fine.
  HOWEVER...if I have my MacBook Pro open and running MS Office on it, and then I simultaneously open my Air and try to launch MS Office, I get an error message that says
  "Microsoft Office 2008 for Mac cannot start because Microsoft Office is already in use.
  An office program is being used by Apple Mac. Your installation exceeds the number of installations permitted by the license agreement."
  However, if I then "Quit" MS Office on the Pro, and then try to launch it on the Air, I don't get the error message, and it works as normal. The same thing happens if I switch computers -- if it's running on the Air first, then I can't launch it on the Pro. Basically, only one of the computers can run MS Office at any one time.
  Now, the issue about the MS license agreement is not what concerns me -- I guess the version of MS Office I bought back in 2008 was only supposed to be installed on one single computer, and never migrated to a new computer (I eventually plan to use the Air full time and retire the Pro). I'm probably going to get a newer version of MS Office eventually anyway, and also I almost never use both computers at the same time, so I'm not worried about being unable to use MS Office on both computes simultaneously. No, what worries me is this:
  How does MS Office on one computer even know that my other computer is running and has MS Office open?
  I'm not an expert on networks and sharing and connectivity and all that, so excuse me if I use inaccurate terminology, but...:
  Both computers connect via AirPort to a cable modem and thus share the same wifi hotspot to connect to the internet.
  But as far as I can tell, the two computers are not "connected" to each other. In the System Preferences for both computers, in the "Sharing" panel, all File Sharing is off. Also, none of the sharing boxes are checked.
  Neither computer shows the hard drive of the other on its Desktop. If I wanted to, I could use Finder's "Go" menu, choose "Connect to server," then "Browse," then find the other computer, double-click on it, type in the admin password, and then connect the two computers. But I haven't done that, and MS Office is able to see what the other comoputer is doing, even when they aren't connected in any way (as far as I can tell).
  I find this pretty disturbing. How in the world does the MS Office on one computer even know that the other computer exists? Furthermore, how does it know that the other computer is on and running? And lastly and more importantly, how does it know which programs are running on the other computer?
  One extra detail: in order to try to diagnose this odd behavior, I installed a program called "Little Snitch" which monitors all network activity and notifies the user whenever any malware programs or other sneaky behind-the-scens apps try to send data over your connection without your knowledge. Little Snitch seems to work great but when I test the problem after installing it, Little Snitch did not even detect or report that MS Office was doing any surreptitious network snooping. So whatever MS Office is doing, it's doing it pretty sneakily.
  Here is my worry: Could a hacker somehow exploit this capability of MS Office to monitor activity on my computer without my being aware of it? Or could someone re-adapt this snooping code from MS Office for more nefarious purposes?
  Or am I completely misapprehending the situation somehow?
  Any  reassurance or explanation would be greatly appreciated! Thanks.

  But my question is: How does the software do that?
  It scans the local network for computers trying to "share" software that is only supposed to be licensed for one computer. I can't give you a technical answer, I can just tell you that's what it's doing.
  then what's preventing less ethical coders from deploying similar but more sinister malware with the same capability?
  Nothing. Any vendor of any software, from a one person shareware or freeware app to a company the size of Apple, Microsoft or Adobe could sneak in damaging code. Any company that wants to stay in business though would never allow it.
  In a typical software company (particularly larger ones), you have not only the people who write the code, but also system analysts who review the code looking for flaws or anything else that shouldn't be there.
  Now I have the fear that if I'm using a wifi hotspot in a cafe or wherever, someone else with hacking skills on that same hotspot could basically see what I'm doing on my computer, without my knowledge.
  The software to pry (they hope undetected) into other folks' computers on an open network like that has been around for years. That's why you at least need to have your firewall enabled when using a wifi hotspot.

• Although I turned off WiFi, set as 'require admin password to turn on and off wifi, when I turn on my MacBook Pro, retina latest model, just got for a month, it turns on wifi automatically, is this a back door or virus or security hole? Thank you

  I have my all networks at 'Off' status in the system panel, never use Bluetooth either, also in the top status bar, and set as 'require admin password to turn on and off WiFi', but when I turn on my MacBookPro 15" retina newest model only one month old, it goes on to WiFi automatically by itself.
  Is this a back door? Security hole?
  The other day, I was taking a break for five minutes, when I came back, the Microsoft outlook is open for setting up an account, I never use outlook, it is there only because it comes with the office package. Also, iTunes was playing music, I don't use iTunes when I'm working. Both were not on before I left for the break.
  What is the problem?

  I have my all networks at 'Off' status in the system panel, never use Bluetooth either, also in the top status bar, and set as 'require admin password to turn on and off WiFi', but when I turn on my MacBookPro 15" retina newest model only one month old, it goes on to WiFi automatically by itself.
  Is this a back door? Security hole?
  The other day, I was taking a break for five minutes, when I came back, the Microsoft outlook is open for setting up an account, I never use outlook, it is there only because it comes with the office package. Also, iTunes was playing music, I don't use iTunes when I'm working. Both were not on before I left for the break.
  What is the problem?

• Possible Login Screen Security Hole in Lion?

  I think that I have found a glitch in the login screen in Lion that allows a user to hack in to an account without a password! It appears to occur on Macbooks with OS X Lion and here is how to reproduce it:
  Make sure that you account is password-protected and that you require a password 5 seconds after the screen saver/sleep begins. Also, be sure that you have the default "hot corner" settngs and OS X Lion. Lastly, make sure that Finder is on the farthest left icon on your dock and that your screen saver is set to spectrum!
  Close all open windows to see your desktop.
  Now, close you Macbook lid, wait 10 seconds, and open it up. You should see a screen similar to the one shown below, but with your wallpaper & info: 
  Now forcefully (yes, forcefully) restart your Mac by pressing down command, control, and the power button at the same time.
  Wait for your Mac to start up and you should see the same screen you saw (like the image above.)
  Click in the battery/time/wifi signal/etc. area in the top right corner without mousing over the courner.
  Now, mouseover the top right corner of the screen, as it will launch some kind of odd "mission control". From there, ANYONE can control your Mac without seeing your screen. From there, mouse over where you think Finder is on the dock (in the bottom-left corner of the dock) without mousing over and corners of the screen and click it. That SHOULD launch finder on your Mac.
  The login screen should reappear! (Odd, isn't it?)
  Now, mouseover the bottom-left corner and hold esc as soon as the screen turns completely dark. If sucessful, you should see your screensaver show up. While holding esc, move your mouse around towards the bottom-right corner. You should see your cursor over top of the "wheel of doom".
  The screen should flicker and you have hacked in to your account! Funny, isn't it?
  You should see finder over top of your desktop if you located finder correctly in step 7! Cool?
  If you are not sucessful, restart the entire process from step 4 and skip steps 7-8. If it doesn't work out for you after a few attemps, give up! Let's not waste any time on hacking in to an account (unless you are a hacker.)
  Is it just me or can anyone else reproduce this? If it occurs (or not), please list your Macbook's specs and details in a reply.

  jonathan_2005 wrote:
  One of the options in the security panel permits a user to require that a username and password be entered to login once the screen saver locks your account.
  The option is "Require password to wake this computer from sleep or screen saver"
  Although one would assume that the credentials required to wake the computer is the username/password of the account that was being used when the computer went into sleep mode or the screen saver.
  Never assume
  WRONG!!! Anyone with an account on the machine can enter their username/password and wake the computer and voila that user now has control of the machine as the former user. That's right you guessed it HUGE security hole.
  Anyone with a standard user account? Are you quite sure?
  Anyone thinking that they can wake away from their machine and have the screen saver or sleep mode protect their account after a specified period of time is sadly mistaken. Anyone with an account on the machine can enter their own username and password and drop right into your account right where you left off.
  I never think that way. A more secure lock is ensured by using the screen lock feature of the keychain.
  Can you believe this stuff?
  Not sure what stuff you refer to.
  No warning, no release note to tell you of such a poorly designed "security" option.
  Would you believe that anyone can access your computer? Stolen computers are regularly started up without much problem.
  Apple please fix what must have been an oversight or at least tell people about this intentional design BEFORE they find anyone can wake the computer and become you as a user.
  You are writing to other users like yourself here, not Apple.
  I also presume you are new to the Mac world.

• Can you confirm a security hole in file sharing?

  I have found a very annoying security hole, and I wonder if it is unique to my setup. I have my mini set up with file sharing turned on. It has 5 accounts, one administrator, rest ordinary users. My login for the administrative user on my laptop is the same as on the mini. I have not turned on "Back to my Mac."
  From my laptop I navigate to the mini using either (a) the network panel in finder, (b) the local IP (afp://192.168.0.xxx), or the global IP (afp://64.xxx.xxx.xxx). (My router is set up to forward the appropriate ports to the mini's local IP). I mount the administrative user's home directory under apple file sharing. Now I have full access to these files. I DO NOT SAVE THE PASSWORD IN KEYCHAIN. All this is as it should be.
  Now I eject the administrator disk.
  From now on (until I reboot my laptop), I can mount that same disk without a password!
  Can someone confirm?

  {quote:title=William Lloyd wrote:}This is not a security hole.{quote}
  While I can understand that some may consider Kerberos automagically creating what is essentially a keychain without the users express knowledge or consent a "feature", I definitely consider it a bug and a huge security hole.
  The kerberos ticket should not live longer then the user is actually connected to the machine. Currently, if the user clicks the Disconnect button the Kerberos ticket lives on and any future connections to that server will user that ticket. This is not what users (especially novice to intermediate) would expect. If the user clicks the Disconnect button, then they would expect that they are completely disconnected and any further connections to that server would require authentication. Otherwise they leave their machine wide open, hense the security hole.
  The other thing that makes this so nasty is that if the OS decides not to use kerberos, for whatever reason, the behavior is different. It behaves as the user would expect. Clicking Disconnect does completely disconnect you from the server and any future connections will require authentication. So at a minimum there is a dangerous inconsistency in behavior between when the OS uses Kerberos and when it doesn't. That, at a minimum, should be fixed.

• Data-level security in user level

  Hi All,
  In our OBIEE we have created several application roles and assign them to the users. We set data-level security for each application role, and the filter does apply to all related users. But we want to do more specific data-level security for each user, which we did by clicking on user name in Manage Identity, and set permission with additional data filter. But this does not work.
  Let's say we have Application Role1 with access to region='Asia', but then we want to set User1 to access only subregion='North Asia' and User2 to access only subregion='South East Asia', where User1 and User2 belongs to Application Role1.
  Is this possible to work in OBIEE 11g?
  Thanks.

  Hi,
  Yes it is possible,
  Please refer the below link.
  http://satyaobieesolutions.blogspot.in/2012/06/obiee-11g-security-week-row-level.html -- stey by step is there.
  Hope this help's
  Thanks
  Satya

• How to assign possible agents at security role / CAG level?

  Hi Experts, How to assign possible agents at security role / CAG level?

  Yes, that's exactly what I'm talking about. In your task maintenance, goto additional data -> agent assignment -> Maintain
  Click on th task, click on the assign button. Choose object type 'Role', enter role.
  Cheers,
  Mike

• HUGE SECURITY HOLE IN LOGIN FROM SCREEN SAVER

  One of the options in the security panel permits a user to require that a username and password be entered to login once the screen saver locks your account.
  The option is "Require password to wake this computer from sleep or screen saver"
  Although one would assume that the credentials required to wake the computer is the username/password of the account that was being used when the computer went into sleep mode or the screen saver. WRONG!!! Anyone with an account on the machine can enter their username/password and wake the computer and voila that user now has control of the machine as the former user. That's right you guessed it HUGE security hole.
  Anyone thinking that they can wake away from their machine and have the screen saver or sleep mode protect their account after a specified period of time is sadly mistaken. Anyone with an account on the machine can enter their own username and password and drop right into your account right where you left off.
  Can you believe this stuff? No warning, no release note to tell you of such a poorly designed "security" option.
  Apple please fix what must have been an oversight or at least tell people about this intentional design BEFORE they find anyone can wake the computer and become you as a user.
  Thanks,
  JH

  jonathan_2005 wrote:
  One of the options in the security panel permits a user to require that a username and password be entered to login once the screen saver locks your account.
  The option is "Require password to wake this computer from sleep or screen saver"
  Although one would assume that the credentials required to wake the computer is the username/password of the account that was being used when the computer went into sleep mode or the screen saver.
  Never assume
  WRONG!!! Anyone with an account on the machine can enter their username/password and wake the computer and voila that user now has control of the machine as the former user. That's right you guessed it HUGE security hole.
  Anyone with a standard user account? Are you quite sure?
  Anyone thinking that they can wake away from their machine and have the screen saver or sleep mode protect their account after a specified period of time is sadly mistaken. Anyone with an account on the machine can enter their own username and password and drop right into your account right where you left off.
  I never think that way. A more secure lock is ensured by using the screen lock feature of the keychain.
  Can you believe this stuff?
  Not sure what stuff you refer to.
  No warning, no release note to tell you of such a poorly designed "security" option.
  Would you believe that anyone can access your computer? Stolen computers are regularly started up without much problem.
  Apple please fix what must have been an oversight or at least tell people about this intentional design BEFORE they find anyone can wake the computer and become you as a user.
  You are writing to other users like yourself here, not Apple.
  I also presume you are new to the Mac world.

• Java 8 not compatible with yosemite...is there a security hole?

  I installed Java8 per Oracles instructions and it is active in my Safari preferences. However, the app pop up still appears, even when I do not have Safari or any other browsers open or running. In fact, even if I reboot the computer and do not have any apps running, within a few minutes of loging in, the pop-up appears. So what is Yosemite looking for? Is there something else running Java in the background that could be a security hole?

  Hi there BallybailShannon,
  You may want to try updating Java using the installer below. 
  Java for OS X 2014-001
  -Griff W. 

• RFQ insufficient security or privacy level

  Hello
  I get the follwing error when adding a online RFQ to the system:
  I am also not able to send out a Test e-mail?
  Any Ideas?
  <?xml version="1.0" encoding="utf-8" ?>
  - <Msg xmlns="urn:com.sap.b1i.vplatform:entity" xmlns:b1il="urn:com.sap.b1i.sim:b1ilog" xmlns:b1im="urn:com.sap.b1i.sim:b1imessage" xmlns:bfa="urn:com.sap.b1i.bizprocessor:bizatoms" xmlns:jdbc="urn:com.sap.b1i.adapter:jdbcadapter" xmlns:sim="urn:com.sap.b1i.sim:entity" xmlns:vpf="urn:com.sap.b1i.vplatform:entity" branch="3" MessageId="14051208440847750512C0A8B2220185" BeginTimeStamp="20140512084408" recording="false" logmsg="0012" SubMessageId="2" status="success" vBIU.errhdlg="" exceptionmsg="com.sap.b1i.xcellerator.XcelleratorException: XCE001 Nested exception: java.lang.RuntimeException: com.sun.mail.smtp.SMTPSendFailedException: 550-Requested action not taken: mailbox unavailable 550 Insufficient security or privacy level. ; nested exception is: com.sun.mail.smtp.SMTPSenderFailedException: 550-Requested action not taken: mailbox unavailable 550 Insufficient security or privacy level." msglogexcl="false" handover2CentralSrv="" MessageLog="true"> 
  - <Header> 
  <msglog step="Default message log" always="false" b1ifactive="true" />  
  <EA vBIU="sap.sl.purchquote.req" vPac="sap.B1RFQ" snd="0010000102" rcv="0010000000" out="" dir="/com.sap.b1i.vplatform.directory/ErrorActions/ErrorActions.xml" />  
  <Hard-Reset xmlns="" originalState="INCOMMIT" finalState="COMPLETED" />  
  - <ErrorHandler phase="2" async="Default error handling" sync="Default error handling" outbound="Default error handling" errorinbox="true"> 
  - <delqueue status="false" qok="false"> 
  <queue>Q.PRC_B1.0010000102</queue>  
  <stream>S.sap.sl.purchquote.req</stream>  
  </delqueue>
  - <callvBIU status="false"> 
  <queue>Q.INB_IQ_INTQ_ASYN_QS.0010000000</queue>  
  <stream>Default error handling</stream>  
  </callvBIU>
  </ErrorHandler>
  - <Resumption> 
  <starter ipo="/vP.0010000102.in_BEAE/com.sap.b1i.vplatform.runtime/INB_B1_EVNT_ASYN_EVT/INB_B1_EVNT_ASYN_EVT.ipo/proc" />  
  <restart id="processing" q="Q.PRC_B1.0010000102" s="S.sap.sl.purchquote.req" u="14051208440847750512C0A8B2220185.2" />  
  </Resumption>
  <ProcStream>S.sap.sl.purchquote.req</ProcStream>  
  <IPO Id="INB_B1_EVNT_ASYN_EVT" tid="14051208113447750501C0A8B2223D60" />  
  <Sender Id="0010000102" ObjId="540000006" />  
  <vBIU Id="sap.sl.purchquote.req" SId="sap.B1RFQ" filter="" sndfilter="" phase="" />  
  <Successor Id="" Mode="" />  
  <Identification Ident="B1 Event" IdPar="n.a." />  
  <nsList />  
  </Header>
  - <Body> 
  - <Payload Role="T" Type="B1Event" add=""> 
  - <Event xmlns="" B1EventFilter="false"> 
  - <b1e:b1events xmlns:b1e="urn:com.sap.b1i.sim:b1event"> 
  - <b1e:b1event> 
  <b1e:eventsource>SAP_DEMO_OGD_2NKS</b1e:eventsource>  
  <b1e:objecttype>540000006</b1e:objecttype>  
  <b1e:transactiontype>A</b1e:transactiontype>  
  <b1e:usercode>manager</b1e:usercode>  
  <b1e:userid>manager</b1e:userid>  
  - <b1e:keys count="1"> 
  - <b1e:key> 
  <b1e:name>DocEntry</b1e:name>  
  <b1e:value>11</b1e:value>  
  </b1e:key>
  </b1e:keys>
  <b1e:sourcesite>INITMOBILE77</b1e:sourcesite>  
  <b1e:sourceport>1433</b1e:sourceport>  
  <b1e:sourcetype>0</b1e:sourcetype>  
  <b1e:sld value="INITMOBILE77!!SAP_DEMO_OGD_2NKS" valueport="INITMOBILE77:1433!!SAP_DEMO_OGD_2NKS" />  
  </b1e:b1event>
  </b1e:b1events>
  - <b1ie:B1IEvent xmlns:b1ie="urn:com.sap.b1i.sim:b1ievent" SysId="0010000102" SysTypeId="B1.9.0" Task="I" LocalObjectType="540000006"> 
  - <b1ie:PrimaryKeyList> 
  <b1ie:PrimaryKey Key="DocEntry" Value="11" />  
  </b1ie:PrimaryKeyList>
  </b1ie:B1IEvent>
  </Event>
  </Payload>
  <Payload Role="S" />  
  - <Payload id="ErrorInfos" iterationCount="0" reactivations="-1" tState="INCOMMIT"> 
  <ipo uri="/vP.0010000102.prc_B1/com.sap.b1i.vplatform.runtime/PRC_B1/PRC_B1.ipo/proc" tid="14051208113447750567C0A8B2223756" tStamp="20140512084412" duration="-1" initiator="[HTTP]2044639498/B1iadmin" />  
  <bfd uri="/com.sap.b1i.vplatform.runtime/PRC_B1/PRC_B1.bfd" />  
  - <exception xmlns="urn:com.sap.b1i.xcellerator:spltdoc" type="hard" userdef="false"> 
  <message>com.sap.b1i.xcellerator.XcelleratorException: XCE001 Nested exception: java.lang.RuntimeException: com.sun.mail.smtp.SMTPSendFailedException: 550-Requested action not taken: mailbox unavailable 550 Insufficient security or privacy level. ; nested exception is: com.sun.mail.smtp.SMTPSenderFailedException: 550-Requested action not taken: mailbox unavailable 550 Insufficient security or privacy level.</message>  
  <usermsg />  
  <innermsg>550-Requested action not taken: mailbox unavailable 550 Insufficient security or privacy level.</innermsg>  
  </exception>
  - <calls> 
  - <call id="B1Call_Proc"> 
  - <Envelope xmlns="urn:com.sap.b1i.xcellerator:spltdoc"> 
  - <Header> 
  <Action throwException="true" autoCommit="false">get</Action>  
  </Header>
  - <Body> 
  - <BOM> 
  - <BO> 
  - <AdmInfo> 
  <Object>540000006</Object>  
  <Version>2</Version>  
  </AdmInfo>
  - <QueryParams> 
  <DocEntry>11</DocEntry>  
  </QueryParams>
  </BO>
  </BOM>
  </Body>
  </Envelope>
  </call>
  - <call id="B1Call"> 
  - <SimpleCall xmlns="urn:com.sap.b1i.xcellerator:spltdoc" throwException="false" autoCommit="false"> 
  <Class>CompanyService</Class>  
  <Function>GetAdminInfo</Function>  
  <Parameters />  
  </SimpleCall>
  </call>
  - <call id="B1Call"> 
  - <Envelope xmlns="urn:com.sap.b1i.xcellerator:spltdoc"> 
  - <Header> 
  <Action throwException="false" autoCommit="false">getList</Action>  
  </Header>
  - <Body> 
  - <BOM> 
  - <BO> 
  - <AdmInfo> 
  <Object>2</Object>  
  <Version>2</Version>  
  </AdmInfo>
  - <QueryParams> 
  <CardCode>70000</CardCode>  
  </QueryParams>
  </BO>
  </BOM>
  </Body>
  </Envelope>
  </call>
  - <call id="B1Call"> 
  - <Envelope xmlns="urn:com.sap.b1i.xcellerator:spltdoc"> 
  - <Header> 
  <Action throwException="false" autoCommit="false">getList</Action>  
  </Header>
  - <Body> 
  - <BOM> 
  - <BO> 
  - <AdmInfo> 
  <Object>11</Object>  
  <Version>2</Version>  
  </AdmInfo>
  - <QueryParams> 
  <CardCode>70000</CardCode>  
  </QueryParams>
  </BO>
  </BOM>
  </Body>
  </Envelope>
  </call>
  - <call id="B1Call"> 
  - <Envelope xmlns="urn:com.sap.b1i.xcellerator:spltdoc"> 
  - <Header> 
  <Action throwException="false" autoCommit="false">get</Action>  
  </Header>
  - <Body> 
  - <BOM>

  Certain Firefox problems can be solved by performing a ''Clean reinstall''. This means you remove Firefox program files and then reinstall Firefox. Please follow these steps:
  '''Note:''' You might want to print these steps or view them in another browser.
  #Download the latest Desktop version of Firefox from http://www.mozilla.org and save the setup file to your computer.
  #After the download finishes, close all Firefox windows (click Exit from the Firefox or File menu).
  #Delete the Firefox installation folder, which is located in one of these locations, by default:
  #*'''Windows:'''
  #**C:\Program Files\Mozilla Firefox
  #**C:\Program Files (x86)\Mozilla Firefox
  #*'''Mac:''' Delete Firefox from the Applications folder.
  #*'''Linux:''' If you installed Firefox with the distro-based package manager, you should use the same way to uninstall it - see [[Installing Firefox on Linux]]. If you downloaded and installed the binary package from the [http://www.mozilla.org/firefox#desktop Firefox download page], simply remove the folder ''firefox'' in your home directory.
  #Now, go ahead and reinstall Firefox:
  ##Double-click the downloaded installation file and go through the steps of the installation wizard.
  ##Once the wizard is finished, choose to directly open Firefox after clicking the Finish button.
  Please report back to see if this helped you!