SAP released 19 security notes on Security Patch Day on Tuesday. The most serious of them, rated with the highest severity score, affects the company’s Business Client product. Two other products from the company received patches for critical severity flaws that give unauthorized users access to configuration objects and allow remote code execution. The National Institute of Standards and Technology (NIST) has yet to analyze the issue and provide a severity score of 9.8 out of 10. NIST, however, gives it a base score of 8.8, which makes it a high-severity risk.
Source: https://www.bleepingcomputer.com/news/security/sap-fixes-critical-bugs-in-business-client-commerce-and-netweaver/