TMS Administration BLOGS SAP
This blog is written in an effort to raise more awareness on securing your SAP infrastructure, in this case specifically on the topic of
securing the SAP Transport Mechanism.
Over the past years a lot of information has been published on securing your SAP infrastructure. SAP itself has published the SAP
Security guides, many SAP security researchers present their findings at security conferences, and here on SCN people
are also actively blogging on this topic. Many security-related topics have already been highlighted, but I found there was not much
information on the specific topic of securing the SAP Transport Management System (TMS). I therefore did a deep-dive into this topic
myself and wrote a whitepaper on it.
5 important vulnerabilities that might exist in your SAP infrastructure related to TMS:
• XPRA execution
• User TMSADM exists with default password, outside client 000 or has too much authorisation
• Access rights on the TMS transport directory share are not restrictive enough
Change default password for TMSADM user in client 000. See OSS notes 1488406, 761637, 1552894, 1414256 and 1515926
Delete TMSADM user in clients other than 000
Only assign profile S_A.TMSADM to user TMSADM
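The two checkable TMSADM rules above (user only in client 000, only profile S_A.TMSADM) can be audited from a user/profile export. This is an added example, not code from the original blog or whitepaper; the CSV layout, the column names and the sample rows are constructed assumptions.

```python
import csv
import io

# Constructed sample export (not real system data): one row per profile
# assignment. The column names client,user,profile are assumptions.
SAMPLE_EXPORT = """client,user,profile
000,TMSADM,S_A.TMSADM
000,DDIC,SAP_ALL
100,TMSADM,S_A.TMSADM
200,TMSADM,S_A.TMSADM
200,TMSADM,SAP_ALL
000,tmsadm,S_A.SYSTEM
"""

TMS_USER = "TMSADM"
HOME_CLIENT = "000"             # the only client where TMSADM should exist
ALLOWED_PROFILE = "S_A.TMSADM"  # the only profile TMSADM should hold


def audit_tmsadm(export_text):
    """Return sorted (client, finding) tuples for TMSADM rows that break the rules."""
    findings = set()  # a set, so repeated rows for one client report once
    for row in csv.DictReader(io.StringIO(export_text)):
        # Normalise case and padding so export quirks do not hide a match.
        if row["user"].strip().upper() != TMS_USER:
            continue
        client = row["client"].strip().zfill(3)
        profile = row["profile"].strip().upper()
        if client != HOME_CLIENT:
            findings.add((client, "TMSADM exists outside client 000"))
        if profile != ALLOWED_PROFILE:
            findings.add((client, f"extra profile {profile}"))
    return sorted(findings)


if __name__ == "__main__":
    for client, finding in audit_tmsadm(SAMPLE_EXPORT):
        print(f"client {client}: {finding}")
```

The default-password rule cannot be verified from such an export and still has to be checked on the system itself.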
https://blogs.sap.com/2013/09/06/security-in-sap-transport-management/ 1/3
23/4/2020 Security in SAP transport Management | SAP Blogs
ABAP vulnerabilities:
Patch:
Regularly review the security notes to check for notes that are not covered by SAP Solution Manager System recommendations. Usually
these notes are for components that are not registered in the SAP Solution Manager
Protect the Gateway with an Access Control List (ACL). See the White Paper “Secure Configuration of SAP NetWeaver Application Server
for ABAP” 10
See Note 1371799 on how to prevent starting of TP via the gateway
When changing the password of the TMSADM user, do NOT use the NEW DEFAULT password. Instead choose your own strong
password
Protect RFC connections between systems with SNC
Make sure to have strict transport procedures in place. Consider using ChaRM. This functionality can standardize the way
transports are moved throughout the landscape and can enforce one way of working. This excludes the use of manual steps and reduces
risk.
Do NOT forget the HUMAN factor as it is often the weakest link
See the SAP Security guides for more information
For more background information on this topic and also a detailed description on exploiting these vulnerabilities see the whitepaper on:
http://www.erp-sec.com/news/
2 Comments
M. Dijsselbloem
Hey Joris,
Cheers!
Mark
Rakesh Ram
Hey Joris,
Regards
Deepak