Hi
A vulnerability in the public role is not critical on a DB dedicated to SAP usage, as only SAP user (or the admin) is supposed to connect on the DB, no other user account should exist / be used.
The poodle vulnerability is not a problem either for the same reason... except perhaps if you are using OEM.
I do not think these fix are urgent for Oracle DB used in an SAP environment.
I would feel more concerned with the lake of basic security rules against old problems like TNS Poisoning.
I do not see the here under basic recommendations applied that often !
1714255 - Restrict Instance Registration in non-RAC environments
186119 - Restricting DB access to specific hosts
Best regards