SAP Security Patch Day – September 2024
Many ‘Medium’ to ‘Low’ priority notes. The September release contains a total of 19 patches for the severities illustrated as follows.
In this article, we explore the differences between the two processes – SAP Vulnerability Management and SAP Patch Management, and how they can help bolster the security of SAP systems.
Vulnerability Management and Patch Management are processes that are linked together but are not the same. They are often assumed to be similar but are distinct with different purposes and goals.
Patch Management is a process used to update software like operating systems and applications on an asset logically and periodically. In the area of SAP systems, this means updating the operating system and database, but also the different SAP Software components of, for example, ABAP and JAVA stacks, and components like the SAP kernel executables, WebDispatchers, SAProuter, etc.
These patches can also include specific SAP bug fixes, often referred to as SAP Security Notes. The purpose of a Patch Management process is to highlight, classify, prioritize, apply, and test any missing patches on an asset. These activities can also be referred to or be part of remediation/mitigation activities.
Vulnerability Management is a process that discovers and categorizes security vulnerabilities or misconfigurations within operating systems, databases, or applications, and reports on these security vulnerabilities. A Vulnerability Management product, for example, can scan the asset and report the known vulnerabilities found along with remediation advice. This can include missing patches but has a much broader view, encompassing misconfigurations, wrong default settings, activated dangerous services, and more. In other words, Vulnerability Management extends beyond just Patch Management, which is just a part of it.
SecurityBridge’s SAP Certified solution helps and supports both the above processes by identifying and categorizing risk. Interested to learn how? Contact us to find out more about our software and follow us on LinkedIn for more SAP security-related news, articles, and whitepapers!
Posted by
Find recent Security Advisories for SAP©
Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.
Many ‘Medium’ to ‘Low’ priority notes. The September release contains a total of 19 patches for the severities illustrated as follows.
SAP Cloud Identity Access Governance (IAG): An Introduction to Best Practices SAP Cloud Identity Access Governance (IAG) enables organizations to manage user access and compliance
Join industry leaders for a one-day event in Madrid to explore SAP security solutions and fortify your enterprise against evolving threats.