SAP has issued a baker's dozen of high, medium, and low-severity patches.
The fixes cover four denial of service vulnerabilities, two sets of directory traversal and missing authorisation holes, a cross-site scripting and a SQL Injection flaw, and four miscellaneous security shortcomings.
More ReadingSAP Australia's MD and COO both resign to 'pursue opportunities outside the company'Web pages, Word docs, PDF files, fonts – behold your latest keys to infecting Windows PCsWindows 10 Anniversary Update crashing under Avast antivirus updateBlackBerry DTEK 50: How badly do you want a secure Android?Two first-gen flaws carried over to HTTP/2, warn security bods
SAP does not include any detail about what flaws its patches address on its public site.
The company also updated 13 security flaws patched last month.
The security severity of recent SAP patches.
A troop of 11 unpaid security researchers were responsible for reporting this month's 13 flaws.
Notable among those are the trio of Daria Prosochkina, Mathieu Geli, and Vahagn Vardanyan, from prolific research security outfit ERPScan.
Update: SAP has been in touch with an official statement: "Security patches are available for download on the SAP Service Marketplace. We strongly advise our customers to secure their SAP landscape by applying the available security patches from the SAP Service Marketplace immediately."