Recently, Onapsis researchers detected exploitation activity related to three vulnerabilities that were already patched by SAP – CVE-2021-38163, CVE-2016-2386, and CVE-2016-2388.