As a global leader in business software, SAP takes customer security seriously and collaborates with external security researchers including research companies in ensuring that vulnerabilities discovered in our software are patched at the earliest. Therefore, SAP hosts a well-defined Security Response Process to enable a responsible disclosure of vulnerabilities in our software and ensure early availability of security patches. This page and the posts indexed therein are maintained by the SAP Security Response Team – an organization that also manages the monthly SAP Security Patch Day. In addition to making quality security patches available, we are committed to providing the highest levels of transparency in enabling SAP customers secure their business system landscape. SAP is a CVE Numbering Authority since November 2017. By using CVE, an industry standard, as a mechanism to disclose patches to vulnerabilities reported by external sources, we enable greater transparency and facilitate faster patch consumption for all SAP Customers. The release of CVE disclosures will be aligned with Security Notes released on SAP’s Security Patch day.