An attacker can exploit the HANA Web-based Development Workbench by supplying specially crafted input that modifies database commands. This allows modification of the data persisted by the system.
The problem is caused by multiple SQL injection vulnerabilities: the code composes SQL statements that contain strings an attacker can alter. The manipulated SQL statements can then be used to modify the data.
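The statement-composition flaw described above, shown beside its parameterized form. This is an added example, not code from SAP HANA or the Workbench; it uses an in-memory SQLite database as a stand-in, and the table, function names and sample rows are hypothetical and constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: a SQLite table standing in for application data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, title TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO notes VALUES (?, ?, ?)",
        [("alice", "todo", "a1"), ("bob", "todo", "b1"), ("bob", "plan", "b2")],
    )
    db.commit()
    return db

def rename_composed(db, owner, old_title, new_title):
    """Flawed pattern: input strings become part of the statement text."""
    sql = (
        "UPDATE notes SET title = '" + new_title + "' "
        "WHERE owner = '" + owner + "' AND title = '" + old_title + "'"
    )
    return db.execute(sql).rowcount  # number of rows modified

def rename_bound(db, owner, old_title, new_title):
    """Hardened pattern: fixed statement text, input sent as bound parameters."""
    sql = "UPDATE notes SET title = ? WHERE owner = ? AND title = ?"
    return db.execute(sql, (new_title, owner, old_title)).rowcount

# Constructed input: the quote ends the string literal, so the remainder is
# parsed as part of the WHERE clause instead of being treated as data.
CRAFTED = "todo' OR '1'='1"

def demo():
    """Return (rows changed by the bound form, rows changed by the composed form)."""
    db = make_db()
    bound = rename_bound(db, "alice", CRAFTED, "x")        # no title matches
    composed = rename_composed(db, "alice", CRAFTED, "x")  # WHERE is always true
    return bound, composed

if __name__ == "__main__":
    print(demo())
```

The composed statement rewrites rows belonging to every owner, while the bound statement treats the same input as a literal title and changes nothing.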
A potential attacker needs a valid user account with sap.hana.xs.ide.roles::* roles to perform the attack. The manipulated SQL statements are executed with the privileges of the user/attacker; the impact of a potential misuse of the vulnerability is therefore limited to the granted SQL privileges of that user.
The issues have been fixed with HANA revision 93 (for SPS09) and revision 85.2 (for SPS08). Update at least to these revisions.