Learn about known issues and apply workarounds for SAP Mobile Platform security.
Issue # | Description |
---|---|
SMPONP-13496 | HTTPS port has SSLv3/TLS renegotiation vulnerability. The SAP Control Center HTTPS port (default value is 8283) is susceptible to the SSLv3/TLS renegotiation vulnerability. The way in which the SSL and TLS protocols handle renegotiation requests may allow an attacker to inject plaintext into an application protocol stream, so that the attacker may be able to issue commands to the server that appear to come from a legitimate source. For vulnerability details see: Workaround: Fixed in 2.3 SP04. Upgrade is recommended. |
SMPONP-12442 | Changes to SQL Anywhere Server and Utility |
RTC-60 | SAP Mobile Server restart is needed after changing keystore. Workaround: If you change anything relating to keys or certificates in the keystore, you must always restart the server. Changes only take effect after a server restart. |
CR-708833 | External authentication token is not properly handled by iOS Hybrid Web Container (HWC). Workaround: For an external token to be passed to and used by iOS Hybrid Web Container for performing single sign-on (SSO), make the call to setHttpHeaders before starting the client engine by placing [self setHttpHeaders] in the first line in the startEngine function. See Setting HTTP Headers in Developer Guide: Hybrid App Packages. |
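
A post-upgrade check for SMPONP-13496, added here as an example and not taken from SAP's documentation: it classifies what `openssl s_client` reports about renegotiation on the SAP Control Center HTTPS port. The function names and the status words are assumptions of this example, and the host is supplied by the caller.

```shell
#!/bin/sh
# Added example: classify the renegotiation line of an `openssl s_client`
# transcript read from stdin. Prints one of:
#   secure          secure renegotiation is advertised by the server
#   insecure        it is not advertised on an SSLv3..TLS 1.2 session
#   not-applicable  TLS 1.3 session: the protocol has no renegotiation,
#                   so the s_client line is not meaningful
#   unknown         no handshake result found (connection failed, wrong port)
reneg_status() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -Eq '^(New, TLSv1\.3,| *Protocol *: TLSv1\.3)'; then
        echo not-applicable
    elif printf '%s\n' "$out" | grep -q '^Secure Renegotiation IS supported'; then
        echo secure
    elif printf '%s\n' "$out" | grep -q '^Secure Renegotiation IS NOT supported'; then
        echo insecure
    else
        echo unknown
    fi
}

# Probe a live endpoint. The first argument is the server host name; the port
# defaults to 8283, the SAP Control Center HTTPS default named in the issue.
check_scc_port() {
    host=$1
    port=${2:-8283}
    openssl s_client -connect "$host:$port" </dev/null 2>/dev/null | reneg_status
}
```

Run `check_scc_port <host>` before and after the upgrade; a result of `insecure` after moving to 2.3 SP04 means the port is still served by an unpatched listener.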