One attacker that is having potential is able inject arbitrary lines in log of SAP HANA Extended Application Services (HANA XS).
SAP provides this CVSS base score as an estimate of the risk posed by the issue reported in this note. This estimate does not take into account your own system configuration or operational environment. It is not intended to replace any risk assessments you are advised to conduct when deciding on the applicability or priority of this SAP security note. For more information, see the FAQ section at https://service.sap.com/securitynotes/.
This potential attacker can inject some additional lines in HANA XS log with special crafted HTTP which are requested.
The existing data can't be interchanged or read by a potential vulnerability.
The log writing function has been improved with SAP HANA SPS09, revision 90. Update to revision 90 or later.
Click here to know more on SAP HANA Security Vulnerability and Solutions