In our previous blog post and on the SAP HANA security web site at http://hana.sap.com/security, we already described the comprehensive security approach that is applied at SAP and specifically at SAP HANA that helps customers to protect their most valuable assets.
One core element of SAP’s security commitment is that SAP provides full transparency to customers on how they can set up, operate, and keep their systems secure.
As part of this commitment to transparency, with the latest SAP Security Patch Day, on March 14th, 2017 SAP released five security notes for SAP HANA.
Of the five security notes, only two are rated with a Very High and High criticality. These criticality ratings indicate that affected customer systems could be at serious risk if an attacker exploits one of these vulnerabilities. Both issues affect only customers who:
We expect very few SAP HANA customers to be affected by these issues. More details on these two issues are available in the “Technical Details” section at the end of this post.
Customers are specifically advised to assess if they are affected by either of these issues and take appropriate actions. SAP provides detailed information for security experts and administrators in the security notes listed below. Fixes for all issues are included in the newest supported releases of SAP HANA in line with SAP HANA’s maintenance strategy.
If you want to learn more about SAP HANA security, read our SAP HANA security whitepaper or visit http://hana.sap.com/security. For information on SAP’s security strategy and approach, please visit http://sap.com/security.
Additional Technical Details:
Below is a short summary of the most important notes affecting SAP HANA customers (criticality very high and high). For information on all SAP security notes released as part of this SAP Security Patch Day, please go to SAP Security Response Blog.
All security issues are fixed in SAP HANA revisions 122.7 or higher for SAP HANA 1.0 and revision 1 for SAP HANA 2.0 SPS 00. Customers already running on these releases are not affected. SAP HANA, Express Edition customers are advised to update to the latest version.
(*) Security notes are accessible to SAP customers through the SAP support portal.