SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775