Start with Patch Day notes https://websmp205.sap-ag.de/securitynotes
and also run RSECNOTE
and to be really sure, open an OSS message and ask SAP.
Not sure if there is a cross-list of nist vulnerabilities to oss notes. Will be interesting to see replies to this question.