CVSS: 6.5EPSS: 18%CPEs: 9EXPL: 0CVE-2016-5765 – Attachmate Host Access Management and Security Server PassThru Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-5765
Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14. Administrative Server en Micro Focus Host Access Management y Security Server (MSS) y Reflection para la Web (RWeb) y Reflection Security Gateway (RSG) y Reflection ZFE (ZFE) permite a atacantes remotos no autenticados leer archivos arbitrarios a través de una URL especialmente manipulada que permite recorrido de directorio limitado. Se aplica a MSS 12.3 en versiones anteriores a 12.3.326 y MSS 12.2 en versiones anteriores a 12.2.342 y RSG 12.1 en versiones anteriores a 12.1.362 y RWeb 12.3 en versiones anteriores a 12.3.312 y RWeb 12.2 en versiones anteriores a 12.2.342 y RWeb 12.1 en versiones anteriores a 12.1.362 y ZFE 2.0.1 en versiones anteriores a 2.0.1.18 y ZFE 2.0.0 en versiones anteriores a 2.0.0.52 y ZFE 1.4.0 en versiones anteriores a 1.4.0.14. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Attachmate Host Access Management and Security Server. • http://support.attachmate.com/techdocs/1704.html http://www.securityfocus.com/bid/94579 http://www.zerodayinitiative.com/advisories/ZDI-16-618 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2010-4146
https://notcve.org/view.php?id=CVE-2010-4146
Cross-site scripting (XSS) vulnerability in Attachmate Reflection for the Web 2008 R2 (builds 10.1.569 and earlier), 2008 R1, and 9.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados en Attachmate Reflection para la Web 2008 R2 (builds 10.1.569 y anteriores), 2008 R1, y 9.6 y anteriores. Permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de vectores de ataque desconocidos. • http://osvdb.org/68637 http://secunia.com/advisories/41869 http://support.attachmate.com/techdocs/1704.html http://www.securityfocus.com/bid/44123 https://exchange.xforce.ibmcloud.com/vulnerabilities/62564 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •