Skip to Content
Author's profile photo Former Member
Former Member
February 14, 2017 1 minute read

SAP Security Patch Day – February 2017

This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that customers visit the Support Portal and apply patches on a priority to protect their SAP landscape.

On 14th of February 2017, SAP Security Patch Day saw the release of 15 Patch Day Security Notes. Additionally, there were 3 updates to previously released Patch Day Security Notes.

As of March 01, 2016, SAP Security Note prioritization is based on CVSS v3 Base score. The revised prioritization scheme is aligned with the industry’s best practice, and to provide better transparency to our customers. From March 2016 security patch day, all patch day security notes will carry CVSS v3 Base score and vector information to assist our customers in their risk assessment. For further details, please refer to our blog on CVSS v3.

_________________________________________________________________________________________


Security Notes vs Vulnerability Type – February 2017

Security Notes vs Priority Distribution (September 2016 – February 2017)**

* Patch Day Security Notes are all notes that fix vulnerabilities reported by external sources and internal findings with priority “Very High”.
* Support Package Security Notes fix vulnerabilities found internally with priority “Low”, “Medium” and “High”.

** Any Patch Day Security Note released after the second Tuesday, will be accounted for in the following SAP Security Patch Day.

To view all Security Notes that are published or updated after the previous Patch Day see: https://support.sap.com/securitynotes -> All Security Notes -> Filter for notes which have been published/updated after 13th of December 2016.

To know more about the security researchers and research companies who have contributed to security patches of this month visit SAP Product Security Response Acknowledgement Page


Do write to us at secure@sap.com with your comments and feedback on this blog post.

SAP Product Security Response Team

Assigned Tags

      1 Comment
      You must be Logged on to comment or reply to a post.
      Author's profile photo Frank Buchholz
      Frank Buchholz

      I count 23 new /changed security notes which have been published after previous Patch Day (which was on January, 10th) - that's the worklist for our customers for this month!

      a) https://support.sap.com/securitynotes
      -> All Security Notes
      -> Export to CSV-File
      Search for entries published after previous PatchDay.

      b) https://support.sap.com/notes
      -> Expert search
      Filter by:
      Released On = Jan 11, 2017 - ...
      Document type = Security Note