The remaining 15 issues included 14 Medium risk vulnerabilities and one Low severity bug. As security firm Onapsis explains, the High priority vulnerability wasn’t an issue directly in the SAP platform, but a bug in a third-party library that SAP uses.