Skip to Content
avatar image
Former Member

does SAP upgrade cover prievious security notes.

Hi, i am beginner in security field and have this confusion. I am using Solution Manager to find out missing security notes from my system. Should i filter the result and implement security notes that have been released after the date of the upgrade or should I include all security notes including thoses notes relased before the upgrade date.

Thank You..

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Aug 23, 2013 at 07:32 AM

    Hi Abdul

    If you are updating patches frequently in system new patches contains all these notes. If a security note is high priority you need to update this manually.

    You can get more information from https://service.sap.com/securitynotes

    For your information im putting content from above link.

    SAP delivers important security fixes on its monthly Security Patch Day. SAP strongly recommends its customers to implement security fixes, flagged with priority 1 and priority 2, primarily fixing externally reported issues. The fixes are released on the second Tuesday of every month, and can be used to fix a particular vulnerability without needing to update a system to service packs.other security fixes like priority 3 and 4 will generally be delivered with support packages. SAP strongly recommends its customers to apply Support Packages on their systems as soon as a support pack is available.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 28, 2013 at 02:28 PM

    This message was moderated.

    Add comment
    10|10000 characters needed characters exceeded

  • Sep 09, 2013 at 03:59 PM

    In addition to the list of security notes at https://service.sap.com/securitynotes you should have a look to the Security Patch Process FAQ as well.

    Concerning your question:

    Yes, all security corrections of SAP are part of a Support Package.

    But there exist some pitfalls:

    1. By the time when you finally have upgraded your production system, it's already some month old compared with the corresponding development close date for the support package at SAP. Therefore you always will find some new security notes -> Use the Maintenace Optimizer to find new security notes while you are preparing the upgrade and the application System Recommendations monthly. 
    2. Several security notes contain manual instructions to configure the system (e.g. concerning profile parameters, RFC Gateway access control lists or logical filenames), which are valid for the new support package. -> I recommend to skip any date selection while searching for security notes. (Use a date interval only if you explicitely want to have a look, e.g. to the notes of the most recent patch day.)

    Kind regards

    Frank

    Add comment
    10|10000 characters needed characters exceeded