Solution : https://service.sap.com/sap/support/notes/1481392 (SAP Service marketplace login required)
Summary :
This SAP Note describes how to enable XSRF (Cross-Site Request Forgery) protection for integrated and external ITS services. It explains how to activate the XSRF check for a service in transaction SICF or in SE80 (Repository Browser, Internet Service), and lists the support packages and kernel patch levels that must be installed before the check is available. Protection is switched on per service through the "~XSRFCHECK" parameter; with the check active, the ITS injects XSRF protection tokens into the pages it generates and validates them on the requests it receives. For templates where the token cannot be inserted automatically, the note describes how to insert it manually. It is relevant to administrators running ITS 6.20 and higher.
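The XSRF check the note activates follows the synchronizer-token pattern: a secret token bound to the user's session is written into the generated page and must be sent back with each state-changing request, so a cross-site form submission that only carries the victim's cookie is rejected. The Python example below is added here to illustrate that pattern in generic form; it is not code from the SAP Note or from any SAP product. The `xsrf_check` flag stands in for the per-service switch the note describes, and the token name, the HMAC derivation, the sample paths and the set of protected HTTP methods are assumptions of the example, not ITS behaviour.

```python
"""Generic synchronizer-token XSRF check (illustration only, not SAP ITS code)."""
import hashlib
import hmac
import secrets

# Assumed: a server-side secret generated once per server instance (constructed here).
SERVER_SECRET = secrets.token_bytes(32)

# Assumed: only these methods change state and therefore require a token.
STATE_CHANGING_METHODS = {"POST", "PUT", "DELETE"}


def xsrf_token(session_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Derive a per-session token as HMAC-SHA256(secret, session_id).

    A cross-site attacker can make the browser send the victim's session
    cookie, but cannot read the victim's pages (same-origin policy), so the
    token never reaches the attacker and cannot be forged without the secret.
    """
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def render_form(session_id: str, action: str) -> str:
    """Automatic insertion: embed the token as a hidden field in every form."""
    return (
        f'<form method="post" action="{action}">'
        f'<input type="hidden" name="xsrf_token" value="{xsrf_token(session_id)}">'
        "</form>"
    )


def check_request(method: str, session_id: str, params: dict,
                  xsrf_check: bool = True) -> bool:
    """Return True if the request may be processed.

    `xsrf_check` plays the role of a per-service switch: False reproduces the
    unprotected state in which any request carrying a valid session is accepted.
    """
    if not xsrf_check or method.upper() not in STATE_CHANGING_METHODS:
        return True
    supplied = params.get("xsrf_token", "")
    expected = xsrf_token(session_id)
    # Constant-time comparison so a mismatch leaks no timing information.
    return hmac.compare_digest(supplied, expected)


if __name__ == "__main__":
    victim_session = "SESSION-A"          # constructed session id
    forged = {"action": "delete_user"}    # attacker's cross-site form: no token

    print("unprotected service accepts forged POST:",
          check_request("POST", victim_session, forged, xsrf_check=False))
    print("protected service accepts forged POST:",
          check_request("POST", victim_session, forged))

    page = render_form(victim_session, "/example/save")   # hypothetical path
    legit = {"action": "delete_user", "xsrf_token": xsrf_token(victim_session)}
    print("protected service accepts POST from its own form:",
          check_request("POST", victim_session, legit))
    print("token from another session is rejected:",
          not check_request("POST", "SESSION-B", legit))
```

The manual-insertion case the note mentions corresponds to templates that build their own forms: there, the value returned by `xsrf_token()` must be written into the form by hand, or `check_request()` will reject every submission the template produces once the check is switched on.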
Key words :
software component sap_basis sap basis compo, select repository browser select internet service, symptom cross site request forgery, cross site request forgery, den sp patchlevel section, /sap/bc/gui/sap/, injects xsrf protection tokens, sap basis release 4, transaction sicf -> select, higher sp level
Related Notes :
1529098 | ITS XSRF framework as transport files |
1519720 | Unauthorized usage of appl functionality in prod designer UI |
1519704 | Unauthorized usage of application functionality in CNW1/CNW4 |
1518807 | |
1517963 | Unauthorized usage of functionality in workflow (ITS) |
1514483 | Unauthorized usage of application functionality in EA-HR |
1511203 | Unauthorized usage of application functionality in SAP_ABA |
1509506 | Unauthorized usage of application functionality in BCS |
1509016 | Unauthorized usage of application functionality in SAP_HR |
1507735 | Unauthorized use of application functions in IS-Media |
1501768 | ITS: Config. permitted or prohibited OK codes during start |
1475155 | ITS: ~sources param is limited to 255 chars length |