Skip to Content
author's profile photo Former Member
Former Member

does SAP upgrade cover prievious security notes.

Hi, i am beginner in security field and have this confusion. I am using Solution Manager to find out missing security notes from my system. Should i filter the result and implement security notes that have been released after the date of the upgrade or should I include all security notes including thoses notes relased before the upgrade date.

Thank You..

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Posted on Aug 23, 2013 at 07:32 AM

    Hi Abdul

    If you are updating patches frequently in system new patches contains all these notes. If a security note is high priority you need to update this manually.

    You can get more information from https://service.sap.com/securitynotes

    For your information im putting content from above link.

    SAP delivers important security fixes on its monthly Security Patch Day. SAP strongly recommends its customers to implement security fixes, flagged with priority 1 and priority 2, primarily fixing externally reported issues. The fixes are released on the second Tuesday of every month, and can be used to fix a particular vulnerability without needing to update a system to service packs.other security fixes like priority 3 and 4 will generally be delivered with support packages. SAP strongly recommends its customers to apply Support Packages on their systems as soon as a support pack is available.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Aug 28, 2013 at 02:28 PM

    This message was moderated.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Sep 09, 2013 at 03:59 PM

    In addition to the list of security notes at https://service.sap.com/securitynotes you should have a look to the Security Patch Process FAQ as well.

    Concerning your question:

    Yes, all security corrections of SAP are part of a Support Package.

    But there exist some pitfalls:

    1. By the time when you finally have upgraded your production system, it's already some month old compared with the corresponding development close date for the support package at SAP. Therefore you always will find some new security notes -> Use the Maintenace Optimizer to find new security notes while you are preparing the upgrade and the application System Recommendations monthly.
    2. Several security notes contain manual instructions to configure the system (e.g. concerning profile parameters, RFC Gateway access control lists or logical filenames), which are valid for the new support package. -> I recommend to skip any date selection while searching for security notes. (Use a date interval only if you explicitely want to have a look, e.g. to the notes of the most recent patch day.)

    Kind regards

    Frank

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.