Symptom
An external security researcher reported that the portal objects is accessible to any user without administrator or relevant roles assigned
For example, any end user can access the below url
Similarly end users have access to the below portal objects as well
irj/portalapps*
irj/portal*
irj/servlet/prt*
irj/go/km*
Read more...
Environment
SAP Netweaver Enterprise Portal
Release independent
Product
SAP NetWeaver all versions
Keywords
KBA , EP-PIN-SEC-PER , Portal content ACL permissions (Roles, Pages...) , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.