Frequently asked questions regarding SAP Note 2407616: Remote Code Execution vulnerability in SAP GUI for Windows:
We do not have a saprules.xml file, and we are not using SAPGUI 7.4 patch 12. Does this issue affect us?
The SAPGUI 7.4 patch 12 is not currently installed. However, if SAPGUI 7.4 patch 12 is installed in one test box and it creates a saprules.xml files that is pushed to all users, will the security vulnerability described in note 2407616 be solved?
Can SAP support check our saprules.xml file to determine if the security vulnerability described in note 2407616 is solved?
Which is a better solution: 1) Pushing saprules.xml or 2) Installing SAPGUI 7.4 patch 12?
What is the implication of this security issue?
- Will this issue affect the backend server as well?
- Or, is this totally frontend related?
- Can someone get access to the backend through this frontend security issue?
SAP GUI for Windows
SAP GUI for Windows; SAPGUI; Security Rule; Security Configuration; saprules.xml; User Rules; Administrator Rules; registry value Location;2407616; remote code execution vulnerability;, KBA , BC-FES-GUI , Graphical User Interface , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.