SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.
http://www.securitytracker.com/id/1032309
http://www.securityfocus.com/bid/74624
http://www.onapsis.com/blog/analyzing-sap-security-notes-april-2015-edition/