SAP Knowledge Base Article - Preview

3279643 - Third-party report shows security vulnerability about random string passed after "irj/portal"


Third-party report shows security vulnerability related to "Backup file" that it will get valid response when acces irj/portal/<random string> so it seems to be able to get some backup data. 
Therefore, you want to know if the security vulnerability exists indeed and if any string after "irj/portal" is expected behavior.



SAP NetWeaver Java System
Enterprise Portal


security, vulnerability, portal, random, string, backup, file, enterprise portal, irj, alias , KBA , EP-PIN-NAV , Navigation , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.