SAP regularly releases SAP security notes.  SAP's "patch Tuesday" happens on the same day as Microsoft actually for anyone who is familiar with the security patch strategy there.   SAP security notes is how SAP communicates its security fixes, for all its products. 

This inside.sap.au has done a very bad job on reporting this issue.
All vulnerabilities discovered by Onapsis are documented in SAP Notes and are fixed in corresponding patches or SP's.
This is described in Onapsis advisories themselves on the Onapsis web site.

SAP is constantly on the lookout for any possible security vulnerabilities and if they are discovered in-house or outside - there are fixed as soon as possible.

got info that this was reported to SAP and was already patched.

I hope company that found those "potential" vulnerabilities has contacted SAP and provided details, so it can be reviewed and addressed if needed.