Patch Security notes are released by SAP every month with the aim of fixing the vulnerabilities detected in SAP systems, so SAP customers could apply patches on a priority to protect their systems. Each one of these reported vulnerabilities are classified following the Common Vulnerability Scoring System (CVSS).
In March 2016, a total amount of 18 notes were reported by SAP Product Security Response Team: 14 security notes and 4 updates to previously released Patch Day Security Notes. Among these vulnerabilities, according with the CVSS classification, the most critical ones were the vulnerabilities due to code execution in SAP SCTC and the SAP SDCC download functionality.