Our customer found the following article:
SAP_F17T1_13
SAP HANA XS Advanced Java Runtime
HIGH
7.3
Deserialization of untrusted data in SAP HANA XS Advanced Java Runtime
SAP HANA XS Advanced Java Runtime uses a version of Apache Commons Collections, which deserializes untrusted data without sufficiently verifying that resulting data will be valid. This weakness may lead to remote command execution or denial of service vulnerability.
2252191
12.04.2016
I've checked on SAP Support and the prerequisites to install the relative patche is "This SAP Note is only applicable in case you are using SAP HANA XS Advanced Java Runtime with Apache Tomee."
May I ask ho to check the prerequisite on the SAP-HANA Nodes or Application Server ?