{"containers": {"cna": {"affected": [{"product": "Micro Focus MSS, RWeb, ZFE, RSG 1.x, 2.x, 12.x", "vendor": "n/a", "versions": [{"status": "affected", "version": "Micro Focus MSS, RWeb, ZFE, RSG 1.x, 2.x, 12.x"}]}], "datePublic": "2016-11-29T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14."}], "problemTypes": [{"descriptions": [{"description": "Information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:59.000Z", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.attachmate.com/techdocs/1704.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-618"}, {"name": "94579", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94579"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2016-5765", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Micro Focus MSS, RWeb, ZFE, RSG 1.x, 2.x, 12.x", "version": {"version_data": [{"version_value": "Micro Focus MSS, RWeb, ZFE, RSG 1.x, 2.x, 12.x"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information disclosure"}]}]}, "references": {"reference_data": [{"name": "http://support.attachmate.com/techdocs/1704.html", "refsource": "CONFIRM", "url": "http://support.attachmate.com/techdocs/1704.html"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-618", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-618"}, {"name": "94579", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94579"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:15:10.526Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.attachmate.com/techdocs/1704.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-618"}, {"name": "94579", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94579"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2016-5765", "datePublished": "2016-11-29T11:00:00.000Z", "dateReserved": "2016-06-23T00:00:00.000Z", "dateUpdated": "2024-08-06T01:15:10.526Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:host_access_management_and_security_server:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A5691B4-63CE-4782-AB99-BE5A853B4A80", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:host_access_management_and_security_server:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "40A6B3A9-4672-44B5-BDE6-20EF4F98019E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:reflection_for_the_web:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F8A9900-EEA0-403E-84B9-ACD1A878595A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:reflection_for_the_web:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "C3A8D101-CCDF-499E-927A-65998AF4054A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:reflection_for_the_web:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "C2B238C4-773A-45FF-9BC4-D96E332E9B6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:reflection_security_gateway:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "CB5AFD78-9A4E-4772-BE25-FD1CDBEC5589", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:reflection_zfe:1.4.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "C8B1548B-D36F-458B-B1E4-9EBF56CB038C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:reflection_zfe:2.0.0.52:*:*:*:*:*:*:*", "matchCriteriaId": "4440DFA4-8160-486B-AAA9-614C72B93371", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:reflection_zfe:2.0.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "7EF4535F-A798-47D9-A33F-81DAD681493E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14."}, {"lang": "es", "value": "Administrative Server en Micro Focus Host Access Management y Security Server (MSS) y Reflection para la Web (RWeb) y Reflection Security Gateway (RSG) y Reflection ZFE (ZFE) permite a atacantes remotos no autenticados leer archivos arbitrarios a trav\u00e9s de una URL especialmente manipulada que permite recorrido de directorio limitado. Se aplica a MSS 12.3 en versiones anteriores a 12.3.326 y MSS 12.2 en versiones anteriores a 12.2.342 y RSG 12.1 en versiones anteriores a 12.1.362 y RWeb 12.3 en versiones anteriores a 12.3.312 y RWeb 12.2 en versiones anteriores a 12.2.342 y RWeb 12.1 en versiones anteriores a 12.1.362 y ZFE 2.0.1 en versiones anteriores a 2.0.1.18 y ZFE 2.0.0 en versiones anteriores a 2.0.0.52 y ZFE 1.4.0 en versiones anteriores a 1.4.0.14."}], "id": "CVE-2016-5765", "lastModified": "2026-05-06T22:30:45.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-11-29T11:59:00.177", "references": [{"source": "security@opentext.com", "url": "http://support.attachmate.com/techdocs/1704.html"}, {"source": "security@opentext.com", "url": "http://www.securityfocus.com/bid/94579"}, {"source": "security@opentext.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-618"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.attachmate.com/techdocs/1704.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/94579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-618"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}