Onapsis Security Advisory - HANA Developer Edition contains a command injection vulnerability. Specifically, the page /sap/hana/ide/core/base/server/net.xsjs contains an eval call that is vulnerable to code injection. This allows an attacker to run arbitrary XSJS code in the context of the user logged in.
ad3e31557ce091efdac803b0fc631729b8952bdd6890a585f33c38a640073cb9