PT-2016-6674 · Micro Focus · Reflection Security Gateway+3
Rgod · Published 2016-11-29 · Updated 2016-12-24 · CVE-2016-5765
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Micro Focus Host Access Management and Security Server (MSS) versions 12.2 before 12.2.342 and 12.3 before 12.3.326
Reflection for the Web (RWeb) versions 12.1 before 12.1.362, 12.2 before 12.2.342, and 12.3 before 12.3.312
Reflection Security Gateway (RSG) versions 12.1 before 12.1.362
Reflection ZFE (ZFE) versions 1.4.0 before 1.4.0.14, 2.0.0 before 2.0.0.52, and 2.0.1 before 2.0.1.18
Description
The issue allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that enables limited directory traversal.
Recommendations
For MSS versions 12.2 before 12.2.342 and 12.3 before 12.3.326, update to a version that includes the fix.
For RWeb versions 12.1 before 12.1.362, 12.2 before 12.2.342, and 12.3 before 12.3.312, update to a version that includes the fix.
For RSG versions 12.1 before 12.1.362, update to a version that includes the fix.
For ZFE versions 1.4.0 before 1.4.0.14, 2.0.0 before 2.0.0.52, and 2.0.1 before 2.0.1.18, update to a version that includes the fix.
Fix
Information Disclosure
Path traversal
Related Identifiers
Affected Products
Micro Focus Host Access Management/Security Server
Reflection Security Gateway
Reflection ZFE
Reflection for the Web