Vulnerability Description
Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microfocus | Host Access Management And Security Server | 12.2 |
| Microfocus | Reflection For The Web | 12.1 |
| Microfocus | Reflection Security Gateway | 12.1 |
| Microfocus | Reflection Zfe | 1.4.0.14 |
Related Weaknesses (CWE)
References
- http://support.attachmate.com/techdocs/1704.html
- http://www.securityfocus.com/bid/94579
- http://www.zerodayinitiative.com/advisories/ZDI-16-618
- http://support.attachmate.com/techdocs/1704.html
- http://www.securityfocus.com/bid/94579
- http://www.zerodayinitiative.com/advisories/ZDI-16-618
FAQ
What is CVE-2016-5765?
CVE-2016-5765 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote una...
How severe is CVE-2016-5765?
CVE-2016-5765 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-5765?
Check the references section above for vendor advisories and patch information. Affected products include: Microfocus Host Access Management And Security Server, Microfocus Reflection For The Web, Microfocus Reflection Security Gateway, Microfocus Reflection Zfe.