Does SAP upgrade cover prievious security notes.

Hi, i am beginner in security field and have this confusion. I am using Solution Manager to find out missing security notes from my system. Should i filter the result and implement security notes that have been released after the date of the upgrade or should I include all security notes including thoses notes relased before the upgrade date.
Thank You..

In addition to the list of security notes at https://service.sap.com/securitynotes you should have a look to the Security Patch Process FAQ as well.
Concerning your question:
Yes, all security corrections of SAP are part of a Support Package.
But there exist some pitfalls:
By the time when you finally have upgraded your production system, it's already some month old compared with the corresponding development close date for the support package at SAP. Therefore you always will find some new security notes -> Use the Maintenace Optimizer to find new security notes while you are preparing the upgrade and the application System Recommendations monthly. 
Several security notes contain manual instructions to configure the system (e.g. concerning profile parameters, RFC Gateway access control lists or logical filenames), which are valid for the new support package. -> I recommend to skip any date selection while searching for security notes. (Use a date interval only if you explicitely want to have a look, e.g. to the notes of the most recent patch day.)
Kind regards
Frank

Similar Messages

  • Things to be aware while doing SAP Upgrade on IBM AIX

    Hi,
         We are migrating from HP Unix platform to IBM AIX through our new project.
        Could you please let me know the risks of doing SAP Upgrade on IBM AIX Platform and  things to be aware while doing SAP   Upgrade on IBM AIX.
    Regards,
    Farhana

    Hi,
    You need to refer to respective system copy guide and upgrade guide to know about pre-requisites before doing migration and upgrade on AIX platform.
    Practically there are no major issues seen on AIX platform during migration as well as during upgrade.
    Hope this helps.
    Regards,
    Deepak Kori

  • SAP upgrade - questions for report painter and query

    Hi Experts,
    I have two quwstions of SAP upgrade.
    My requirement is: SAP upgrade from 4.6B to ECC 6.0 with non-unicode.
    1.Does SAP upgrade influence the report painter? If influence, could you tell me what should I do for this case.
    2. We have so many queries (SQ01) in our system and many of them haven't been run for a long time. we need a tool to get the runtimes of queries in a certain durition.
    For example: From 2008/01/01 to 2008/03/31,I want to know how many queries had been run/ query name/ runtimes of each query.
    Best regards,

    > 1.Does SAP upgrade influence the report painter? If influence, could you tell me what should I do for this case.
    You can check
    Note 1155524 - ReportWriter: Upgrade Issues ECC6.0 -Common Customer Issues
    > 2. We have so many queries (SQ01) in our system and many of them haven't been run for a long time. we need a tool to get the runtimes of queries in a certain durition.
    Such a tool was RBE (Reverse Business Engineer) - which is out of support.
    You can try to get that information from ST03. If that is not enough there's no other way than booking an SLO service to find out the queries that have not been used (http://service.sap.com/slo).
    Markus

  • Put Together A Data Archiving Strategy And Execute It Before Embarking On Sap Upgrade

    A significant amount is invested by organizations in a SAP upgrade project. However few really know that data archiving before embarking on SAP upgrade yields significant benefits not only from a cost standpoint but also due to reduction in complexity during an upgrade. This article not only describes why this is a best practice  but also details what benefits accrue to organizations as a result of data archiving before SAP upgrade. Avaali is a specialist in the area of Enterprise Information Management.  Our consultants come with significant global experience implementing projects for the worlds largest corporations.
    Archiving before Upgrade
    It is recommended to undertake archiving before upgrading your SAP system in order to reduce the volume of transaction data that is migrated to the new system. This results in shorter upgrade projects and therefore less upgrade effort and costs. More importantly production downtime and the risks associated with the upgrade will be significantly reduced. Storage cost is another important consideration: database size typically increases by 5% to 10% with each new SAP software release – and by as much as 30% if a Unicode conversion is required. Archiving reduces the overall database size, so typically no additional storage costs are incurred when upgrading.
    It is also important to ensure that data in the SAP system is cleaned before your embark on an upgrade. Most organizations tend to accumulate messy and unwanted data such as old material codes, technical data and subsequent posting data. Cleaning your data beforehand smoothens the upgrade process, ensure you only have what you need in the new version and helps reduce project duration. Consider archiving or even purging if needed to achieve this. Make full use of the upgrade and enjoy a new, more powerful and leaner system with enhanced functionality that can take your business to the next level.
    Archiving also yields Long-term Cost Savings
    By implementing SAP Data Archiving before your upgrade project you will also put in place a long term Archiving Strategy and Policy that will help you generate on-going cost savings for your organization. In addition to moving data from the production SAP database to less costly storage devices, archived data is also compressed by a factor of five relative to the space it would take up in the production database. Compression dramatically reduces space consumption on the archive storage media and based on average customer experience, can reduce hardware requirements by as much as 80% or 90%. In addition, backup time, administration time and associated costs are cut in half. Storing data on less costly long-term storage media reduces total cost of ownership while providing users with full, transparent access to archived information.

    Maybe this article can help; it uses XML for structural change flexiblity: http://www.oracle.com/technetwork/oramag/2006/06-jul/o46xml-097640.html

  • Does SAP Support the "XML Process Definition Language" (XPDL)

    Does SAP support XPDL. IF not what is the alternative standard that they support?
    regards,
    Thomas

    As far as I know there isn't any support for XML process description language. they only alternative is OMG BPDL, which is still under work.
    Many people tend to compare XPDL to BPEL, although it is not so right. I think that this link http://kswenson.wordpress.com/2006/05/26/bpmn-xpdl-and-bpel/ explain it.
    HTH,
    Natty Gur.

  • Where does SAP do inserts to table SOFFPHF ?

    Table SOFFPHF has data in the customer's system.
    But when I do a "where-used" on this table, I only get back the two places
    that I'm using it.
    Where the heck is SAP doing updates to this table ?
    I think that "where-used" doesn't find it because it's being accessed like this somewhere:
    SELECT ... FROM ( filetab) ...
    INSERT .... ( filetab)  ....
    etc.
    But where does SAP insert into it?

    not needed - aRs answered the real question

  • After upgrade to Tiger, Keychain does not show Secure Notes

    I've just finished upgrading from Panther to Tiger. I began with a Psync backup, did a fresh intall of Tiger on the boot drive, and have migrated user data manually. Everything is kosher except that Keychain 3.3 is not displaying any of my Keychain 3.1 Secure Notes.
    There doesn't seem to be anything wrong with the keychain itself. I can open it under Keychain 3.1 and it displays the notes just fine. I've also run Kechain 3.3 First Aid and it doesn't think there is a problem either.
    Any clues?

    I solved my problem, and of course the answer was staring me in the face the whole time. I keep a separate keychain for notes and certain other passwords, and this keychain had to be initially opened manually by double-clicking it. Information about secondary keychains is stored in the Keychain preferences file (which I had migrated over), but apparently was not enough to get Keychain 3.5 to open the file automatically. The keychain file only needs to be opened manually one time.
    Hope this saves somebody else a few minutes of frustration.

  • Algorithm is not updated run common upgrade to update security algorithm - 9.0 PL05

    Hi Experts,
    I am installed 9.0 PL05 in the standalone PC with SQL server 2008 R2 express edition.
    PC configuration :
    Windows 7- 32 bit
    RAM - 4GB
    I am getting the below error , when i try to open the OEC Computers company DB.
    Unable to connect to companies in current server as
    algorithm is not updated run common upgrade to update security algorithm
    Regards,
    Dwarak

    Hi,
    Try this:
    1. Delete demo DB and SBO common DB through SQL server management
    2. Remove all sap related programs from control panel
    3. Restart and reinstall everything
    Thanks & Regards,
    Nagarajan

  • Apply SAP Security Notes to all components?

    Dear Forum,
    Is it possible to take advantage of exploits in installed components although theyre not in use? I mean, when patching SAP Security Notes, does it make sence to patch components which are installed but not in use?
    Rough example:
    We have a system with 10 components (according to SPAM status) only 7 of these modules are actively used. Should all 10 receive applicable SAP Security Notes, or would it be enough to patch the ones in use?
    I hope someone is able to elaborate on this
    Thanks in advance guys,
    Kind Regards,
    Soren

    HI,
    for example reading a file. Let's say there is a bug in a program which allows malicious user to read any file on the application server. Obviously, you want to patch this even that program is not used by normal users. Another example is missing authorization checks for table view. You can have assigned proper authorizations for S_TABU_DIS but if a malicious user can trick a program without authorization check to display data from any table then you have a problem.  A real example could be an issues fixed in note 1558740. Even if you don't use IS-U those FMs are still in your system.
    Don't forget that it's good to have multiple layers of protection. So you keep authorizations tight but still you patch all security issues.
    Cheers

  • The mail app on my Mac laptop will not open.  This began happening after an upgrade during which "Security UPdate 2012-004" was installed.  My mail app has a new icon, and I think i trashed the old program (trying to follow directions).  Suggest a fix?

    The mail app on my Mac laptop will not open.  This began happening after an upgrade during which "Security UPdate 2012-004" was installed.  My mail app has a new icon, and I think i trashed the old program (trying to follow directions).  Suggest a fix?

    See possible fixes here.
    https://discussions.apple.com/message/19760703#19760703
    https://discussions.apple.com/thread/4311280?tstart=0

  • Does SAP has a GUI screen painter or not? If yes what operating systems is

    Does SAP has a GUI screen painter or not? If yes what operating systems is  it available on? What is the other type of screen painter called?

    SE51 is the transaction code for the screen painter.
    Check this link for <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/d1/801b50454211d189710000e8322d00/frameset.htm">Screen Painter</a>
    Regards
    - Gopi

  • Does SAP support incremental/delta backups?  if so which note describes it

    I'm just about to test incremental/delta backups on udb 9.5 fp1.  Now to my question:
    Does SAP support incrmental/delta backups?
    Is there a note, I couldnt get a hit on OSS
    Are there any gotcha's?  such as do I need to move read only tables to a new talbespace?
    Any info on this is greatly appreciated.
    Anke

    Hi Anke,
    You can specify whether you want to perform a full, incremental or incremental delta backup and the frequency via DB13 or the planning calender in DBACOCKPIT.
    SAP Note 1269697 DB6: Backup Performance
    should be of use to you and please also see our administration guide available at our main page
    https://www.sdn.sap.com/irj/sdn/db6 under Administration. Specifically check the guide
    "Data Recovery and High Availability Guide and Reference" mentioned in Chapter 8.3.5 Advanced Backup Techniques
    There is not a specific SAP note relating to incremental/delta backups but they can be scheduled via DB13 and so, they are supported.
    Regards,
    Paul

  • EWA does not report security notes missing and java systems

    Hello guys,
    Our early watch report don't contain section 7.1 with security notes missing in the system.
    We have solution manager 7.0 with ST-SER 700_2008_1 SP4.
    What do we need to configure so that ewa reports security notes missing?
    Another doubt, how can I get the list of security notes missing in java stack system like portal?
    thanks.
    regards,
    Filipe

    hello Filipe
    Below is a line from the SAP note 888889.
    "In the SAP EarlyWatch Alert report, the "Service Preparation Check" unit complains that Note 888889 is not implemented.  As a result, the check for security-relevant notes can only be carried out partially in the "Security" section."
    Looks like that could be the reason for that.
    For JAVA stack there is no note concept.
    Thanks & regards
    bala

  • SAP Security Note 1487730

    Last week we saw SAP releasing its SAP Security Notes as per its SAP Security Patch Day Practice .
    One of thenotes released was related to a BUG FIX in a Kernel as per note 1487730
    https://websmp130.sap-ag.de/sap/support/notes/1487330
    Now the issue goes this way .
    We are on Kernel 7.01 SP Level 79.
    According to the NOTE we need to be atleast on SP Level 103 .
    When I check out at Marketplace I can only Find SP Level 111 which is the latest and released on 14.10.2010 ie. 2 days after the NOTER was released .
    Apprantely we follow a Thumbs Rule here to Implement the Kernel which is lower than the latest Kernel .
    The issue is I cant find Kernel SP Level 103 .
    Is it safe to go for SP Level 111 .
    Our Database is ORACLE 10.2.0.4
    OS PLatform :- Solaris Sparc 64- Bit NON UNICODE
    Regards,
    Ashish .A. Poojary
    Edited by: Ashish Poojary on Oct 21, 2010 7:10 AM

    Hi Ashish,
    Generally the rule of N - 1 is followed for SAP Application patches and not for kernel.
    You can go for latest kernel, it will not be any problem.
    Thanks
    Anil

  • Do SAP Security Notes contain hacker and/or virus defence?

    Dear SCN fellows,
    I am new to this community and generally new to asking for SAP help in discussions and blogs.
    I need some advice on whether SAP Security Notes contain hacker and/or virus defences?
    I am investigating a companies SAP Security settings against its policy and global market standards.  I have identified that since our SAP rollout SAP Security notes patches have not been maintained.  RSECNOTE provides a large list of missing security notes.  I'm writing a report and what to confirm whether these notes offer any advice, support or notification of hacking or viruses.  Similar to Internet security software I guess.
    Can anyone advise if my thoughts and questioning is heading in the right direction or have I got the concept of SAP Security Notes completely wrong?
    Thank you kindly.
    Paul

    Hi Paul,
    I need some advice on whether SAP Security Notes contain hacker and/or virus defences?
    SAP releases respective security notes as per the loophole identification.  Once you run RSECNOTE you get the list of all applicable notes to your software release.
    Applying these notes will help you to remove the vulnerability SAP identified, So yes it contains solution to remove vulnerability.
    I'm writing a report and what to confirm whether these notes offer any advice, support or notification of hacking or viruses.  Similar to Internet security software I guess.
    Could you please elaborate it is not that clear to me.
    BR,
    Mangesh

Maybe you are looking for

  • How to get return values from task flow in af:region ?

    Hi! I'm working with a taskFlow that is rendered inside a popup using the "popup inside a region pattern" (http://www.oracle.com/technology/products/adf/patterns/popupregionpattern.pdf), but now this taskFlow has an input parameter and a return value

  • Lookinf for a "flexible" abstract class mechanism

    When writing an abstract class, or an interface, is there a way to force the classes who extends it to implement at least one method in a set of 2 ? For instance, public abstract class PermanentCard {    public void concretePlayByPlayer(Player parPla

  • Problem in onClick attribute of the netui:anchor tag

    Hi, I have a String object to be passed to the javascript function with onClick attribute. eg: <%String st = new String("helo");%> <netui:anchor action="display" onClick="display()"> I want to pass the object st to the java script so that I can do so

  • Is Compressor 2.3.1 compatible with OSX 10.5.1?

    is Compressor 2.3.1 compatible with OSX 10.5.1? my compressor is crashing on startup.

  • Keyboard Shortcut to cycle windows?

    I just wipped my iBook and reinstalled X.4, but now one of the shortcuts I use all the time isn't working. <Apple> ~ usually cycles through open windows of an applicaiton, but now it just beeps at me when I do it. Was there a setting I changed origin