SAP Security Notes contain SAP's expert advice regarding important action items and patches to ensure the security of your systems.
Get your frequently asked questions regarding SAP security patching answered by reviewing our SAP Security Notes FAQs.
SAP takes all matters relating to your security very seriously, and we are constantly working on improving our product security measures. If you discover a potential security vulnerability in any SAP Software then follow the guidelines here.
The security maintenance of installed SAP software is key to continuously protect also against new types of attacks or newly identified potential weaknesses.
Based on feedback from customers, partners and SAP user groups, SAP has launched a regular SAP Security Patch Day, scheduled for the second Tuesday of every month — which has been synchronized with the Security Patch Day of other major software vendors.
On these SAP Patch Days, SAP publishes software corrections as SAP Security Notes, focused solely on security to protect against potential weaknesses or attacks. Access SAP Security Notes in the Launchpad, then select All Security Notes, to get the complete list of all SAP Security Notes. We recommend that you implement these corrections at a priority. Several tools are available to help identify, select and implement these corrections.
SAP categorizes SAP Security Notes as Patch Day Security Notes and Support Package Security Notes, with the sole purpose of making you focus on important fixes on patch days and the rest to be implemented automatically during SP upgrades. For details refer to the SAP Security Notes FAQ. Security fixes for SAP NetWeaver based products are also delivered with the support packages.
Starting June 11, 2019, for all new SAP Security Notes with high or very high severity we deliver fix for Support Packages shipped within the last 24 months* for the versions under Mainstream Maintenance and Extended Maintenance. This is extended from the previous Support Package coverage of 18 months.
Notes with low or medium priority contain corrections in at least the newest support package in all mainstream and extended maintenance releases.
*See the following areas with an exception from the 24 months (starting June 11, 2019) with their general maintenance strategy