SAP NetWeaver Application Server Java CRLF Injection Vulnerability Allowing Configuration Manipulation

Vulnerability

A CRLF injection vulnerability has been identified in SAP NetWeaver Application Server Java. An authenticated attacker with administrative privileges can send specially crafted content to the application. If the application processes this content, untrusted entries are injected into generated configuration files, enabling manipulation of application-controlled settings. Successful exploitation has a low impact on integrity and does not affect confidentiality or availability.
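
The weakness class described above comes down to a line-oriented file writer that lets a carriage return or line feed through inside a value. The following is an added illustration, not SAP code: the key=value format, the class and method names, and the sample setting are all assumptions, since the advisory does not describe the affected file format.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class ConfigLineWriter {
    // Unsafe: concatenates the value as-is, so an embedded CR or LF ends the
    // line early and whatever follows is parsed as a separate entry.
    static String renderUnsafe(Map<String, String> settings) {
        StringBuilder out = new StringBuilder();
        settings.forEach((k, v) -> out.append(k).append('=').append(v).append('\n'));
        return out.toString();
    }

    // Hardened: refuse any key or value that contains a line terminator or
    // other control character before it reaches the generated file.
    static String renderSafe(Map<String, String> settings) {
        StringBuilder out = new StringBuilder();
        for (Map.Entry<String, String> e : settings.entrySet()) {
            requireSingleLine(e.getKey());
            requireSingleLine(e.getValue());
            out.append(e.getKey()).append('=').append(e.getValue()).append('\n');
        }
        return out.toString();
    }

    static void requireSingleLine(String s) {
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            // isISOControl covers CR, LF, NUL, TAB and U+0085; 0x2028 and 0x2029
            // are the Unicode line and paragraph separators.
            if (Character.isISOControl(c) || c == 0x2028 || c == 0x2029) {
                throw new IllegalArgumentException("control character at index " + i);
            }
        }
    }

    public static void main(String[] args) {
        Map<String, String> settings = new LinkedHashMap<>();
        // Constructed sample input: one setting whose value carries a CRLF.
        settings.put("display.name", "Portal\r\nextra.setting=on");
        long entries = renderUnsafe(settings).lines().count();
        System.out.println("unsafe writer produced " + entries + " entries from 1 setting");
        try {
            renderSafe(settings);
        } catch (IllegalArgumentException ex) {
            System.out.println("safe writer rejected input: " + ex.getMessage());
        }
    }
}
```

Rejecting the input is preferable to stripping the characters, because a rejected write leaves an error that can be logged and reviewed.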

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of application configuration settings, potentially allowing for further exploitation or disruption of the application.

Remediation

Users are advised to consult the SAP Security Notes for guidance on applying patches or updates. SAP Security Notes can be accessed through the SAP for Me platform, in particular on SAP Security Patch Days, which occur on the second Tuesday of each month.

Added: Feb 10, 2026, 5:23 AM
Updated: Feb 10, 2026, 5:23 AM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 0.6
exploitability: 4.8
remediation: 0.0
relevance: 2.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.