Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

OSS note Note 1616259

Former Member
0 Kudos

Hello Gurus,

Can you please help me to understand the below information about the OSS note 1616259

u2022 what is the security issue/concern

u2022 what is the fix (SAP Note) & it's potential impact

u2022 when we can implement it

u2022 what kind of testing required

Thanks

Praveen Kumar

4 REPLIES 4

cathal_ohare
Employee
Employee
0 Kudos

Hi,

There are a few threads all ready on this topic, here is the latest:

Notes 1616058 and 1589525 contain all the information available so far, Applying the patches mentioned in the note won't casue any problems, will require some down time to apply the patch though thats availble from the market place.

More info on the security threat can be found at http://erpscan.com/wp-content/uploads/2011/08/A-crushing-blow-at-the-heart-SAP-J2EE-engine_whitepape...

Kind regards,

Cathal

0 Kudos

Hello,

Thanks for your reply, are these notes which you are refering to be applied in Java stack or ABAP stack?

Thanks

Edited by: Praveen Kumar M P on Aug 16, 2011 6:26 AM

0 Kudos

Hi,

Security notes 1589525 and 1616058 should be applied for Java Stack, the method is given in each note.

Thanks.

0 Kudos

Not sure if anyone has apply 1589525 yet. I have tried to patch LM-TOOLS NW701 SP10 to J2EE instance on NW701 SPS 7 according to note 1589525 and getting errors

"Arguments: []--> : Can't find resource for bundle java.util.PropertyResourceBundle, key com.sap.engine.services.ejb.exceptions.deployment.EJBDeploymentException: Incorrect application sap.com/tclcmdeployer:"

Tried on different instance and yet getting the same error.

K.