Hi
For sure SAP should be aware of critical security problems on Oracle before threatpost starts publishing about it !
There are Oracle guys working at Waldorf...
A vulnerability in the public role is not critical on a DB dedicated to SAP usage, as only SAP user (or the admin) is supposed to connect on the DB, no other user account should exist / be used. It seems that the problem only apply when using Oracle e-Business suite.
The poodle vulnerability is not a problem either for the same reason... and it is not a brand new vulnerability.
It might be a problem if you are using OEM (Poodle Vulnerability CVE-2014-3566).
I do not think these fix are urgents for Oracle DB used in an SAP environment.
I would feel more concerned with the lake of basic security rules against old problems like TNS Poisoning.
I do not see the here under basic recommendations applied that often !
1714255 - Restrict Instance Registration in non-RAC environments
186119 - Restricting DB access to specific hosts
Best regards