Security expert reveals new class of vulnerabilities in SAP software