SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
http://service.sap.com/sap/support/notes/0001965819
http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/