03-30-2021 1:23 PM
Hi,
We are monitoring security audit log and receiving the events "In program (event id:BUZ) " and "field content changed (event id:CUL)". Please provide the details about these events
03-30-2021 5:11 PM
04-12-2021 8:39 PM
04-30-2021 12:25 PM
Hi,
why these events are critical?
what is " In program (event id:BUZ)" ? Is it indicates the execution?
I have not get the correct idea about these events
04-30-2021 2:54 PM
Hello,
changing a field value in a debugging session can be used, for example, to bypass authorization checks.
Changing the value of SY-SUBRC to 0 after an AUTHORITY-CHECK statement would allow the program to continue even if the necessary authorization is not given. Self-assignment of SAP_ALL would also be possible. Therefore it is critical and to be logged in the Security Audit Log.
04-13-2021 2:12 AM
With Audit Log(SM19/SM20) or System Log(SM21), "critical" activities of debugger will be recorded. This is explained in notes:
1559742 - Insufficient Logging of Debugger Activities
1411741 - Evaluating debugger events in audit log
04-28-2021 6:43 AM
04-28-2021 7:07 AM
https://launchpad.support.sap.com/#/notes/1559742
https://launchpad.support.sap.com/#/notes/1411741
You need a S-USER to check notes