SAP, in its October security patches communication, has issued a total of 11 security updates, 2 of them as medium priority while the rest as low (9) priority. Among these vulnerabilities, 2 are related with Cross-site Scripting, 1 of service denial, 1 of authorization check failure, while the rest related with SQL injection.
Regarding the Novemeber report,a total of 10 vulnerabilities were identified, but only two with high priority. The rest was identified as medium priority the rest. Although there were 10 updates in this month, 4 aimed to solve problems with the authorization check.
For more information see: SAP COMMUNITY NETWORK : October & November