Multiple Vulnerabilities in LM Configuration Wizard (SAP)
CVE:CVE-2016-5719 (Reserved)
CVSS: 6.1 Medium (NLNR | C | LLN)
Product: SAP NetWeaver Application Server 7.20 / AS Java 7.31
Affected Versions: SAP NetWeaver Application Server 7.20 / AS Java 7.31 and prior verisons
Reported by: Can Demirel (http://scn.sap.com/docs/DOC-55451)
Report date: 22 November 2015
Vendor Response: 23 November 2015
Patch Date: 9 May 2016
Description: LM configuration wizard is affected by multiple XSS vulnerabilities.
Solution: Apply relevant patch issued by SAP with SAP Security Note 2260876.
Reference: http://scn.sap.com/docs/DOC-55451 (May 2016)