The XML file contains a description of the Support Package Stacks. It is an individual file, which contains the selection (OS and DB) you have made. Therefore, you can use this XML file only for your individual installation. The XML file will be read by the Java Support Package Manager (JSPM), which is available as of SAP NetWeaver 2004s. Software platform that forms the base of an SAP system and on which SAP applications and components are build. Use this tag for SAP system architecture, system administration, database abstraction, transactional processing, software distribution management, authorisations. The JAVA stack controls the 'Netweaver' aspect of SAP which encapsulates SAP's ability to be accessed via the Internet via SAP Portal and it's ability to interface with other SAP and non-SAP legacy systems via Process Integration (PI).
- Support package stacks allow you to keep productive applications up to date on a regular basis with a minimal cost of ownership. The introduction of minimum support package stack levels gives you more flexibility in planning your maintenance activities by reducing the.
- Java stack-Java stack is nothing but the SAP system with only java application. Application-Java applications are using in Many industries. It is entirely different from ABAP stack. USE:eg:SAP Environmental Compliance is a Java based application for environmental reporting using in industries like oil and petroleum.
Critical Vulnerability (RECON) found in SAP NetWeaver AS Java
RECON – Remotely Exploitable Code On Netweaver
July 13 US-CERT Alert, AA20-195A had been issued around SAP NetWeaver AS Java (LM Configuration Wizard) affecting versions – 7.30, 7.31, 7.40, 7.50
How this vulnerability exposes SAP critical APPS
According to SAP note 2934135 – LM Configuration Wizard of SAP NetWeaver AS JAVA, does not perform an authentication check which allows an attacker without prior authentication, to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity, and Availability of the system.
CVSS Score: 10.0; CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Potentially vulnerable SAP business solutions include any SAP Java-based solutions such as (but not limited to):
SAP Enterprise Resource Planning,
SAP Product Lifecycle Management,
SAP Customer Relationship Management,
SAP Supply Chain Management,
SAP Supplier Relationship Management,
SAP NetWeaver Business Warehouse,
SAP Business Intelligence,
SAP NetWeaver Mobile Infrastructure,
SAP Enterprise Portal,
SAP Process Orchestration/Process Integration),
SAP Solution Manager,
SAP NetWeaver Development Infrastructure,
SAP Central Process Scheduling,
SAP NetWeaver Composition Environment, and
SAP Landscape Manager.
SAP and Onapsis contributed to this Alert. See the Onapsis report on the “RECON” SAP Vulnerability for more information.
SAP Patch Tuesday, July 2020 – https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675
SAP Security Notes – https://launchpad.support.sap.com/#/notes/2947895
US-CERT – https://us-cert.cisa.gov/ncas/alerts/aa20-195a
If you are someone who is responsible for securing your ERP system, I would suggest getting in touch with Onapsis/ SAP to deploy the patch and apply compensating controls.
What Is Java Stack In Sap Basis Method