CVE-2016-5765

MEDIUM

Micro Focus Host Access Management and Security Server - Info Discl...

Title source: llm

Description

Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14.

References (3)

Core 3

Core References

Various Sources x_refsource_confirm

http://support.attachmate.com/techdocs/1704.html

Third Party Advisory x_refsource_misc

http://www.zerodayinitiative.com/advisories/ZDI-16-618

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/94579

Scores

CVSS v3 6.5

EPSS 0.0085

EPSS Percentile 75.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-200 CWE-22

Status published

Products (10)

microfocus/host_access_management_and_security_server 12.2

microfocus/host_access_management_and_security_server 12.3

microfocus/reflection_for_the_web 12.1

microfocus/reflection_for_the_web 12.2

microfocus/reflection_for_the_web 12.3

microfocus/reflection_security_gateway 12.1

microfocus/reflection_zfe 1.4.0.14

microfocus/reflection_zfe 2.0.0.52

microfocus/reflection_zfe 2.0.1.18

n/a/Micro Focus MSS, RWeb, ZFE, RSG 1.x, 2.x, 12.x Micro Focus MSS, RWeb, ZFE, RSG 1.x, 2.x, 12.x

Published Nov 29, 2016

Tracked Since Feb 18, 2026