CNNVD-202602-1701 Information
CNNVD ID
CNNVD-202602-1701
Related CVE
- CNNVD Published: 2026-02-10
Description (Chinese)
SAP NetWeaver Application Server Java是德国思爱普(SAP)公司的一款提供了Java运行环境的应用程序服务器。该产品主要用于开发和运行Java EE应用程序。 SAP NetWeaver Application Server Java存在注入漏洞,该漏洞源于CRLF注入,可能导致经过身份验证的管理员提交特制内容,从而在生成的配置中注入不受信任的条目,操纵应用程序控制的设置。
Description (English)
SAP NetWeaver Application Server Java is an application server that provides the Java operating environment. The product is used mainly for the development and operation of Java EE applications. SAP NetWeaver Application Server Java has an injection loophole, which originates from CRLF injections, which may lead to the submission of customized content by an authentication administrator, thereby injecting untrustworthy entries into the generated configuration and manipulating application-controlled settings.
Hazard Level
Critical
Vulnerability Type
注入
Affected Vendor
思爱普
Published
2026-02-10
Last Modified
2026-02-24
References
https://me.sap.com/notes/3673213 https://url.sap/sapsecuritypatchday https://access.redhat.com/security/cve/cve-2026-23686
Patch
https://me.sap.com/notes/3673213
Share on: