Security issue concerning BW reports as an iView

Similar Messages

• Shared Services Security Issue with Financial Reporting - 11.1.1.3

  Hi,
  So we have some users that are provisioned in some groups. Those groups have Essbase Server Access and Planner access to an application. That access is working great. They have access to the app and they have access via Smartview to the cube.
  Now we need them to be able to see all the Financial Reports (FR) created for that application. There are so many provisioning choices under 'Reporting and Analysis', that I'm not sure how to get this done correctly. Right now we have to assign 'Viewer' access and 'Explorer' access under 'Content Manager' tree in order for this to happen. I just think this seems wrong. We just need the user to be able to run and view a report from Workspace.
  Any help is appreciated as this is a very green area for me.

  Hi,
  You will need both Viewer and Explorer access for users to run reports.
  the reason is that without the Explorer, users will not be able to see any reports or the explorer in Workspace.
  Without Viewer, users will not be able to view/open any of the reports. You also have to give report access to users anyway related to the groups.
  You can see anll information about different security roles for Reporting and Analysis in the shared Services admin guide.
  The documentation is the best place to start for any information needed and confirming what fulfills your needs.
  Cheers
  RS

• Security issue in Crystal Report 2008 for SAP B1

  Hi Friends,
                   I want to hide the Query which is used in my report from the end user,I don't want they can see and edit the report after exporting from sap b1.
  Please help.....its urgent
  Thanks.
  Andy

  Hi Andy,
  SAP B1 is an OEM version of CR 2008. I can't move your post so please mark as answered and post your question to this forum:
  /community [original link is broken]
  Thank you
  Don

• RV042 reports tunnel disconnection without connection for foreign IP, Security issue?

  Dear all,
  we are recently working with a RV042 router, with VPN group tunnel (connectig throw shrew VPN). Last days router is logging disconnections like this ("[XXX]" text replaced for security reasons)
  Dec 9 17:02:58 2014 XXX VPN Log: (grpips0)[72] [XXX].[XXX].[XXX].0/24=== ...113.240.173.58===?: [Tunnel Disconnected] instance with peer 113.240.173.58 {isakmp=#0/ipsec=#0}
  But NO RELATED "connections" (apart from our own controled connection/disconnection) is reported previously. Is this a security issue/breach?
  (The foreign IP was left clear so if anyone knows about that particular IP, can make a comment.)
  Thanks in advance. Regards, Juan.

  Zach,
  I will try to use that approach while using dynamic IPs to connect to VPN (cannot build an stable whitelist, and this can lead to connection lost in the near future until new IP is registered in the remote router).
  What I do not understand is:
  router logs a disconnection without a previous connection
  no other activity is detected on the VPN (perhaps only spying?)
  when I disconnect, two logs are generated (in order of appearance)
  Dec [xxx] [xxx]:[xxx]:[xxx] 2014 3EFF-3196 VPN Log: (grpips0)[73] 192.168.2.0/24=== ...[xxx].[xxx].[xxx].[xxx]===?: [Tunnel Disconnected] instance with peer [xxx].[xxx].[xxx].[xxx]{isakmp=#0/ipsec=#0}
  Dec [xxx] [xxx]:[xxx]:[xxx]2014 3EFF-3196 VPN Log: (grpips0)[73] [xxx].[xxx].[xxx].0/24=== ...[xxx].[xxx].[xxx].[xxx]===? #220: [Tunnel Established] ISAKMP SA established
  when foreign IP disconnects, only one is generated (e.g. whitout #220)
  Does this have an explanation?
  Thanks again, Juan.

• Security issues in Mavericks 9.04

  I just had a secure scan done on my Mavericks server. The main issues seem to be:
  OpenSSL Running Version Prior to 0.9.8za Upgrade to OpenSSL version 0.9.8za or newer.
  Apache mod_negotiation Multi-Line Filename Upload Vulnerabilities (Upgrade to Apache version 2.3.2 or newer.)
  Given that upgrading these would mean compiling and installing Apache and OpenSSL(which I'm not really keen to do) I'm wondering what experienced admins think of these threats.

  pkmusic wrote:
  Dumb question - so a self-signed SSL cert doesn't use Open SSL?
  Certificates are used with ssh and SSL/TLS and such, yes.  Most of OS X uses Secure Transport for its certificate- and SSL/TLS-related processing, but Apache does not.  Apache is linked against OpenSSL.
  Self-signed certificates lead to a different security issue.  
  An HTTPS site with a self-signed certificate will be considered untrusted by accessing web clients and the web browser will usually issue diagnostics before allowing access to the site or a diagnostic before marking the certificate as trusted, or that you've set up your own certificate chain and installed your own root certificate.  That you're asking this question implies the former; that you're not really running HTTPS with a trusted certificate chain.   Which generally means you can just shut off SSL/TLS.
  As for the original question, here's how the scanner is likely detecting the down-revision versions — if you look at the server details being returned to the client, you'll see some information on Apache and OpenSSL versions embedded in the response:
  $ telnet foo.example.com 80
  Trying 10.1.3.1...
  Connected to foo.example.com
  Escape character is '^]'.
  HEAD / HTTP/1.0
  HTTP/1.1 301 Moved Permanently
  Date: Sun, 20 Jul 2014 14:40:11 GMT
  Server: Apache/2.2.26 (Unix) PHP/5.4.24 mod_ssl/2.2.26 OpenSSL/0.9.8y DAV/2
  Location: http://foo.example.com/
  Cache-Control: max-age=1209600
  Expires: Sun, 03 Aug 2014 14:40:11 GMT
  Connection: close
  Content-Type: text/html; charset=iso-8859-1
  Connection closed by foreign host.
  $
  That won't get fixed without replacing Apache et al or one of the other options, as described in my earlier reply.
  For completeness, some folks will manually configure the server to not return these details.  That'll derail the the vulnerability scanner, certainly.  It might not have the intended result, too, as the remote attackers can simply decide to throw every attack they have at your server — the attackers are not short on CPU cycles and network bandwidth, after all; unintended consequences.
  As for using a self-signed cert and given you probably aren't providing file-level access to other folks, I'd not (personally) be particularly concerned about that vulnerability scan — one of the limitations with using vulnerability scanners is that you then have to go off and figure out if you're actually vulnerable to whatever the scanner is reporting.  It's an issue certainly, but then you'll have to decide if your backups are complete and current and with copies kept off-site, and if your other security practices and password policies and such are also all up to date and secure, and at what else you might risk if the server is breached — if configuring a DMZ for your server might be appropriate, for instance, to isolate the server from the rest of your network should the server be breached.

• Deadlock with thread issues while generating reports with Crystal Report XI

  We are facing deadlock with thread issues while generating report with Crystal Report XI
  Version Number is 11.0 and the database used is Oracle
  In the log file on line number 74350  by 2008/12/16 13:35:54 there is a dead lock with Thread: u20184u2019 is waiting to acquire lock for 'com.crystaldecisions.reports.queryengine.av@15214b9' which is held by the Thread: '0'.
  And  a dead lock with Thread: u20180u2019 is waiting to acquire lock for 'com.crystaldecisions.reports.queryengine.av@15214b9' which is held by the Thread: '4'.
  Exactly after 10 minutes we can see the thread 4 and 0 are declared as STUCK by 2008/12/16  13:45:54 .
  Is this an existing issue with Crystal Report?
  Is there some solution for this problem?
  THE LOG FILE INFORMATION IS GIVEN BELOW
  [deadlocked thread] [ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)':
  Thread '[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'' is waiting to acquire lock 'com.crystaldecisions.reports.queryengine.av@15214b9' that is held by thread '[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)''
  Stack trace:
       com.crystaldecisions.reports.queryengine.av.V(Unknown Source)
       com.crystaldecisions.reports.queryengine.av.do(Unknown Source)
       com.crystaldecisions.reports.queryengine.as.if(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.datainterface.j.c(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.datainterface.j.a(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.datainterface.j.a(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.cy.b(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.cy.long(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.a1.o(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.a1.a(Unknown Source)
       com.crystaldecisions.reports.common.ab.a(Unknown Source)
       com.crystaldecisions.reports.common.ab.if(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.a1.if(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.a1.o(Unknown Source)
       com.crystaldecisions.reports.reportengineinterface.a.a(Unknown Source)
       com.crystaldecisions.reports.reportengineinterface.a.a.b.a(Unknown Source)
       com.crystaldecisions.reports.sdk.ReportClientDocument.open(Unknown Source)
       com.sysarris.aris.crystalreports.RepServlet.generateReport(RepServlet.java:65)
       com.sysarris.aris.crystalreports.RepServlet.doPost(RepServlet.java:40)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
       weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:225)
       weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:127)
       weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:272)
       weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:165)
       weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3153)
       weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
       weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:1973)
       weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1880)
       weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1310)
       weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
       weblogic.work.ExecuteThread.run(ExecuteThread.java:179)
  [deadlocked thread] [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)':
  Thread '[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'' is waiting to acquire lock 'com.crystaldecisions.reports.queryengine.av@12e0415' that is held by thread '[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)''
  Stack trace:
       com.crystaldecisions.reports.queryengine.av.V(Unknown Source)
       com.crystaldecisions.reports.queryengine.av.do(Unknown Source)
       com.crystaldecisions.reports.queryengine.as.if(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.datainterface.j.c(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.datainterface.j.a(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.datainterface.j.a(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.cy.b(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.cy.long(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.a1.o(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.a1.a(Unknown Source)
       com.crystaldecisions.reports.common.ab.a(Unknown Source)
       com.crystaldecisions.reports.common.ab.if(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.a1.if(Unknown Source)
       com.crystaldecisions.reports.reportdefinition.a1.o(Unknown Source)
       com.crystaldecisions.reports.reportengineinterface.a.a(Unknown Source)
       com.crystaldecisions.reports.reportengineinterface.a.a.b.a(Unknown Source)
       com.crystaldecisions.reports.sdk.ReportClientDocument.open(Unknown Source)
       com.sysarris.aris.crystalreports.RepServlet.generateReport(RepServlet.java:65)
       com.sysarris.aris.crystalreports.RepServlet.doPost(RepServlet.java:40)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
       weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:225)
       weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:127)
       weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:272)
       weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:165)
       weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3153)
       weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
       weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:1973)
       weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1880)
       weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1310)
       weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
       weblogic.work.ExecuteThread.run(ExecuteThread.java:179)
  Can you please suggest any work around for this?

  I'm not referring to Servlet threading issues.
  I'll clarify.
  You have two threads, both entering ReportClientDocument.open(...) method.
  Thread 4 is waiting to acquire 'com.crystaldecisions.reports.queryengine.av@15214b9'
  Thread 0 is waiting to acquire ''com.crystaldecisions.reports.queryengine.av@12e0415'
  So I'm thinking ??? are they the same objects?
  My specific question concerning the ReportClientDocument is that both are calling open - i.e., trying to open a new report.  You wouldn't be trying to open different reports using the same ReportClientDocument - so was wondering if you've cached the RCD and trying to open two different reports at the same time on the same instance via different threads.
  You'd normally tie a ReportClientDocument instance to a HTTP Session, to ensure each user gets their own copy.
  Sincerely,
  Ted Ueda

• Company email access denied to iphone users due to security issues, help!

  I am interested in purchasing an iphone but my company said they won't allow access to our company email with the iphone due to security issues. Any one else heard of that? Is there some way for me to forward my company email to the account I would set up under the itunes? It seems there are a lot of unhappy people out there with these phones, are there any happy users out there? It seems like such a cool device and I want one but don't want to get stuck with something I can't use or that I am going to have problems with.

  Of course there are happy users.
  These discussions are like a hospital for Mac products with nothing but problems reported here. If you based a decision on purchasing an Apple product, any product on these discussions, you would never purchase any. Coming to the conclusion here that there are no happy users and the iPhone is nothing but problems would be like visiting a local hospital in your area full of patients (all are) and coming to the conclusion that everyone in your community must be sick and/or dying.
  What type of email account - POP, IMAP or Exchange through an Exchange Server?
  Accessing an email account on an iPhone is no different than accessing the account with a computer. Funny that your company claims the iPhone has security issues and prevents access but certainly allows PCs running Windows to access company email accounts? Sorry but this is my biggest laugh of the day - not at you but at your company. Your company has loads of security issues and concerns with any version of Windows accessing their network than they would ever come close to with an iPhone accessing the incoming mail server to download messages.
  If your company allows for email account forwarding, you can do so.

• Java IDE Security Issues

  I'm evaluating Java IDE's. My boss wants me to evaluate IDE security issues. I can't think of any issues, or how an IDE can have anything to do with security, but didn't want to sweep it under the rug without asking all of you security experts.
  Are there any security concerns when selecting a Java IDE?

  Yeah, you confirmed what I already knew I suppose.
  Unfortunately, I know nothing if this organization, as
  I'm only consulting. The management here INSISTS that
  security be addressed, but I think it's out of scope
  for Java IDE selection. Thanks!In that context, things like "supports HTTPS and ssh access for remote development" may be exactly what they're looking for. It lets managers say "Yes we considered security in making this purchase, and yes the developers of this tool take security seriously." Doesn't mean that security is ever going to impact the actual use of the product.
  Remember that a portion of any management decision goes to insuring you can show a good-faith effort to avoid problems, when/if they happen down the road and someone's looking for a fall guy...
  Good luck!
  Grant

• Possible Mac Mail Security Issue

  A couple of times each week, I'm receiving returned e-mail messages that describe mail that I did not actually send.  The "undeliverable" addresses in the Mailer-Daemon notifications are unfamiliar and involve a different overseas address for each notification. 
  Every aspect of the computer runs fine.  in four years of being a devout Mac convert, I have not seen this type of problem until the past few weeks.  So from my standpoint, the false notifications are just a minor annoyance.  I've been deleting them.  But, I wonder if there could there be a security issue or some other problem?
  Thanks very much,
  Charley

  I am experiencing the same thing and it has just started in the last few weeks also. I get the mailer-daemon messages telling me I have had my emails rejected to people that I don't even know nor do I have anything to do with the message being rejected.
  I am concerned that my computer has somehow been compromised but do not know whether or not this is the case.
  The issue is how do we try to stop this - I read elsewhere that the email password needs to be changed but I am not sure if this is actually going to do anything at all.
  Anyone have a suggestion to stop this?
  Thanks

• SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT - Active Directory Security Group Discovery Agent reported warnings for 524 object(s). DDRs were generated for 0 object(s) that had warning(s) while reading non-critical properties.

  Hi, can anyone help me troubleshoot the following please:
  Active Directory Security Group Discovery Agent reported warnings for 524 object(s). DDRs were generated for 0 object(s) that had warning(s) while reading non-critical properties. DDRs were not generated for 524 object(s) that had warnings while reading
  critical properties.
  Possible cause: OU name or Security Group name may contain at least a Unicode character which has conversion problem between Unicode and your system ANSI locale(e.g. Korean characters in English System Locale). The site server might not have access to
  some properties of this object. The container specified might not have the properties available.
  Solution: Please verify the Active Directory schema for properties that are not replicated or locked. Refer to the discovery logs for more information.
  Does the error relate to 524 security groups? There are several invalid search paths listed in adsgdis.log, are these related?
  Thanks,
  Dale

  You'll have to examine the log to determine exactly which objects its referring to. Although this is in the context of group discovery, group discovery still creates DDRs for computer objects within those groups so it could be either groups or computers.
  This is not a search path issue though as it's clear that the discovery process found 524 different objects, but as stated, it could not properly read criticial properties of those objects and thus did not create DDRs for them.
  As mentioned, reading the log in detail will list the objects individually and the reason it could not create a DDR for it.
  Jason | http://blog.configmgrftw.com

• Why is Java Deployment Toolkit (click-to-play) blocked, also the referenced bug is closed and there are no security issues known in Version 7 U51?

  I think it is important to block unsecure addons. But if you do so there should be an open bug assigened. The referenced bug for this add-on is allready resolved so I do not know why this plugin is disabled. https://bugzilla.mozilla.org/show_bug.cgi?id=636633
  I have the problem that I want to use Secure_Auth that is using the Java Deployment Kit in such a nasty way (via javascript) that firefox doesn't see that the deployment kit should be started. Therefore I will not be asked to allow this plugin always for this web site. Since there is no documentation available how to do this configuration in a config file I am stuck at the moment.
  I'm a liitle bit suprised that blocking all versions (even secure versions) is a way to get a good user experience.
  Regards
  Martin

  ''MG_DAU wrote:''
  The referenced bug for this add-on is allready resolved so I do not know why this plugin is disabled. https://bugzilla.mozilla.org/show_bug.cgi?id=636633
  That's a bug report in the Blocklisting component, meaning it's a request to add an add-on to the blocklist. The fact that it's marked as fixed means the add-on has been added to the blocklist.
  * https://addons.mozilla.org/firefox/blocked/p428
  * [[Add-ons that cause stability or security issues are put on a blocklist]]
  Given that there's no way to disable Click-to-Play for this plug-in (the only options are Ask to Activate or Never Activate), if Firefox doesn't trigger a Click-to-Play prompt, I see no way to use it apart from disabling the entire blocklist. This carries a considerable security risk, as no plug-ins will be blocked or set to Click-to-Play, including known malware. If you're sure you want to go through with it, set ''extensions.blocklist.enabled'' to '''false''' in [http://kb.mozillazine.org/About:config about:config].

• Security issues for Discoverer 10g apps 12i

  gurus,
  I have couple of things to get it done at client.
  We are on Oracle Apps rel 12i with dicoverer 10g.
  Did anyone setup MOAC to be enabled and operational in business areas?
  Setting up secure responsibilities in discoverer for MOAC?
  Any setup needs to be done for custom report security in discoverer ?
  thx

  Hi,
  I did setup new MOAC security profiles and assigned multiple organizations to that profile for testing purpose.
  After this, I did run concurrent program "Security List Maintennce" etc...
  Tested Upding profile at user level or responsibility level.
  On APPS side fine.
  I need the some basic steps on setup of security issues for discoverer side.
  1) Business areas (any security steps need to be followed in order to access data for single or multi-org)
  2) Custom Reports ( any security setup or any moac security profile setting against responsibilty for accessing single or multi-org data)
  Since we dont have default operating unit parameter as specified in the concurrent program, how do you restrict data?
  3) Reconciling security approach r12 with discoverer (any steps need to be followed here after r12 configuration with security issues)
  4) Custom Views ( any steps to be followed for single or multi-org data as security aspect)
  Looking for info on these setups.
  Thx

• Security issue in DNS ! Update bind.

  Apparently there is a massive security issue in DNS protocol : http://securosis.com/2008/07/08/dan-kam … -released/
  or http://www.kb.cert.org/vuls/id/800113
  I am surprised I haven't seen any post on the forum about it. For now a solution could be to update bind to 9.5.0-P1 (I don't know if the one in testing is this particular one, there is no "P1").
  Every DNS server has to be upgraded since the issue is in the protocol, not in the code !

  A lot of systems got updated yesterday/today. I just checked a Windows Server 2003 x64 RC2 at work; yesterday it was vulnerable, but today it's reported safe after the recent security updates (this site offers some kind of check: http://www.doxpara.com/)
  I believe all the "big" ones in Linux did release an update yesterday, so there's probably plentiful of patches around... which is beyond the limits of my brain cells at the moment.

• Powerview Cannot connect to the server due to a security issue. The server may not have been able to match the host for silverlight

  Hello,
  I have a sharepoint 2010 sp1 CU Dec 2011 server with a SQL Server 2012 SP1 CU4 reporting services instance.  I am able to open Power View and use it normally when bypassing the ISA Reverse Proxy server.  However when going thru ISA I receive the
  following Error.
  Power View  Cannot connect to the server due to a security issue.  The server may not have been able to match the host for Silverlight.  This error appears after I click yes on an Internet Explorer Display Mixed Mode prompt.
  I've seen a couple references to this issue but not much.  This one mentions a clientaccesspolicy.xml file but I haven't had any luck with that.  http://connect.microsoft.com/SQLServer/feedback/details/716433/cannot-connect-to-the-server-due-to-a-security-issue-the-server-may-not-have-been-able-to-match-the-host-for-silverlight
  Any Ideas?  Thanks.
  Ryan

  Hi Ryan,
  Based on my research, the issue should occur due to a by design behavior in Threat Management Gateway (TMG). To work around this issue, you can use SSL between the TMG and the SharePoint Web Server.
  Hope this helps.
  Regards,
  Mike Yin
  TechNet Community Support

• Im running os x10.9.1 macbook pro  do i have a security issue??

  im running os x10.9.1 macbook pro  do i have a security issue??

  If you mean this:
  goto fail
  there is a potential problem, though it's not known to have been exploited. If you're concerned, you can avoid it by temporarily switching from Safari to either Firefox or Chrome when using a public Wi-Fi hotspot.