This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that customers visit the Support Portal and apply patches on a priority to protect their SAP landscape.
On 11th of April 2017, SAP Security Patch Day saw the release of 12 security notes. Additionally, there were 3 updates to previously released security notes.
April Patch Day also comprises of a Security Note 2419592 of Very High priority (Hot News). As always, we recommend that customers apply all SAP Security Notes at the earliest.
List of security notes released on the April Patch Day:
Cross-Site Request Forgery (CSRF) vulnerability in BI LaunchPad
Security Notes vs Vulnerability Types- April 2017
Security Notes vs Priority Distribution (November 2016 - April 2017)**
* Patch Day Security Notes are all notes that appear under the category of "Patch Day Notes" inSAP Support Portal
** Any Patch Day Security Note released after the second Tuesday, will be accounted for in the following SAP Security Patch Day.
Customers who would like to take a look atall Security Notes that are published or updated after the previous Patch Day see: https://support.sap.com/securitynotes -> All Security Notes -> Filter for notes which have been published after 14th March 2017.