Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.
https://launchpad.support.sap.com/#/notes/2589129
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/