PT-2026-7213 · SAP · SAP NetWeaver Application Server Java
Published: 2026-02-10 · Updated: 2026-02-10 · CVE-2026-23686
CVSS v3.1: 3.4 (Low)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver Application Server Java (affected versions not specified)
Description
A CRLF Injection issue exists in SAP NetWeaver Application Server Java. An attacker with administrative privileges can send crafted content to the application. Processing this content allows the injection of untrusted entries into generated configuration, potentially altering application settings. Successful exploitation results in a limited impact on data integrity, with no effect on confidentiality or availability. The issue requires administrative access for exploitation.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
SAP NetWeaver Application Server Java