PT-2016-6674 · Micro Focus · Reflection Security Gateway+3

Rgod · Published 2016-11-29 · Updated 2016-12-24 · CVE-2016-5765

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Micro Focus Host Access Management and Security Server (MSS) versions 12.2 before 12.2.342 and 12.3 before 12.3.326
Reflection for the Web (RWeb) versions 12.1 before 12.1.362, 12.2 before 12.2.342, and 12.3 before 12.3.312
Reflection Security Gateway (RSG) versions 12.1 before 12.1.362
Reflection ZFE (ZFE) versions 1.4.0 before 1.4.0.14, 2.0.0 before 2.0.0.52, and 2.0.1 before 2.0.1.18

Description

The issue allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that enables limited directory traversal.

Recommendations

For MSS versions 12.2 before 12.2.342 and 12.3 before 12.3.326, update to a version that includes the fix.
For RWeb versions 12.1 before 12.1.362, 12.2 before 12.2.342, and 12.3 before 12.3.312, update to a version that includes the fix.
For RSG versions 12.1 before 12.1.362, update to a version that includes the fix.
For ZFE versions 1.4.0 before 1.4.0.14, 2.0.0 before 2.0.0.52, and 2.0.1 before 2.0.1.18, update to a version that includes the fix.

Fix

Information Disclosure

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2016-5765
ZDI-16-618

Affected Products

Micro Focus Host Access Management/Security Server
Reflection Security Gateway
Reflection ZFE
Reflection for the Web