Multiple Vulnerabilities in LM Configuration Wizard (SAP)

15 July 2016

CVE:CVE-2016-5719 (Reserved)

CVSS: 6.1 Medium (NLNR | C | LLN)

Product: SAP NetWeaver Application Server 7.20 / AS Java 7.31

Affected Versions: SAP NetWeaver Application Server 7.20 / AS Java 7.31 and prior verisons

Reported by: Can Demirel (http://scn.sap.com/docs/DOC-55451)

Report date: 22 November 2015

Vendor Response: 23 November 2015

Patch  Date: 9 May 2016

Description: LM  configuration wizard is affected by multiple XSS vulnerabilities.

Solution: Apply relevant patch issued by SAP with SAP Security Note 2260876.

Reference: http://scn.sap.com/docs/DOC-55451 (May 2016)

Written by Can Demirel Posted in Advisory, ENGLISH, Home