Over the past few months, SAP has released a number of Security Notes (patches) addressing a family of vulnerabilities discovered and reported by the Onapsis Research Labs. This family of vulnerabilities has CVSS scores ranging in criticality from 5.3 to 10. Most of these vulnerabilities are related to the SAP P4 protocol itself. And while chained vulnerabilities historically are not easily exploitable, they tend to be a favorite tactic for more sophisticated threat actors.