Symptom
In the course of our efforts to secure our customers´ SAP systems, we are bringing some critical information to your attention. Please immediately consult the following security-related service notes, which are especially critical for your systems. All of these notes, with one exception, have already been published on the SAP Service Marketplace.
Other terms
risk management; security threat; security response
Reason and Prerequisites
This selection of security issues - especially the combination of one or more of them - represent a risk for exploitation that our Product Security Response Team has become aware of.
Solution
Please find the relevant notes in the section "Reference to related Notes". You can check the relevance of the notes 1375125, 1363371, 1362972, 1361038, 1357370, 1356215 and 1355614 for a given system using the tool RSECNOTE (see note 888889 for details). The status of these selected notes get reported in the Early Watch Alert report, too (see note 863362).
This collective note is classified as release-independent, but please check the relevance with regards to the affected products and releases directly in the related notes.
Besides the notes collected here, we also would like to point you to other relevant information that we have published in the past.
Ignoring these guidelines can raise the threat level for your system significantly.
* To configure your SAP Gateway securely
https://help.sap.com/saphelp_nw04/helpdata/en/5a/c03a069d3811d188a70000e83539c3/frameset.htm
* To setup your network securely:
https://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e00ef6211d3a6510000e835363f/frameset.htm
* To encrypt communication between SAP GUI and SAP system:
https://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/frameset.htm
* Secure Programming guides for ABAP and Java:
https://help.sap.com/saphelp_nw70ehp1/helpdata/en/44/6ad7dbe5254ddee10000000a1553f7/frameset.htm
SAP maintains a wealth of information on security in the SAP Service Marketplace. We urge you to leverage these Security Guides, which can be accessed through these links: https://service.sap.com/securityguide and http://www.sdn.sap.com/irj/sdn/security
No comments:
Post a Comment