SICF services to be disabled

Some SICF services might be activated from the past. For security they might pose a risk. The best action is to pro-actively disable them.

/sap/bc/bsp/sap/bsp_veri
/sap/bc/bsp/sap/certmap
/sap/bc/gui/sap/its/CERTMAP
/sap/bc/bsp/sap/certreq
/sap/bc/gui/sap/its/CERTREQ
/sap/bc/echo
/sap/bc/error
/sap/bc/FormToRfc
/sap/bc/bsp/sap/icf
/sap/bc/srt/IDoc
/sap/bc/idoc_xml
/sap/bc/report
/sap/bc/soap/rfc
/sap/bc/webrfc
/sap/bc/xrfc
/sap/bc/xrfc_test		1422273
*1417568
1417568
*1417568
1417568
626073
626073
626073
1422273
*1487606
1487606
626073
1394100
979467
626073
626073
Remarks on the (*): these services still might have a business need, double check these before de-activating.

Critical services according to note 887164:
/sap/bc/bsp/sap/bsp_model
/sap/bc/bsp/sap/htmlb_samples
/sap/bc/bsp/sap/it00
/sap/bc/bsp/sap/it01
/sap/bc/bsp/sap/it02
/sap/bc/bsp/sap/it03
/sap/bc/bsp/sap/it04
/sap/bc/bsp/sap/it05
/sap/bc/bsp/sap/itmvc2
/sap/bc/bsp/sap/itsm
/sap/bc/bsp/sap/sbspext_htmlb
/sap/bc/bsp/sap/sbspext_phtmlb
/sap/bc/bsp/sap/sbspext_table (see note 2948239)
/sap/bc/bsp/sap/sbspext_xhtmlb
/sap/bc/bsp/sap/system_private
/sap/bc/bsp/sap/system_public

Source: SAP security baseline.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.