CVE Tools
Sign in

CVE-2016-5765

Published: Nov 29, 2016Updated: May 6, 2026 Sources: CVE List NVDCWE-22
NVD MITRE
6.5CVSSMEDIUM
EPSS Score
2.2%
Top 19.6%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
No Fix Available

Description

Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14.

CVSS Vector Breakdown

AV:NAC:LPR:NUI:RS:UC:HI:NA:N
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:RUser Interaction
Required
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:NIntegrity
None
A:NAvailability
None
Open in CVSS calculator →

Weaknesses

CWE-22CWE-200

Affected Products

host access management and security servermicrofocusSecurity Products
reflection for the webmicrofocusSecurity Products
reflection security gatewaymicrofocusSecurity Products
reflection zfemicrofocusSecurity Products
Micro Focus MSS, RWeb, ZFE, RSG 1.x, 2.x, 12.xn/a
microfocuscommercialGBSecurity Productsaka micro focus, microfocus

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

No known exploits, KEV entries, or remediation guidance available for this vulnerability yet.

MITRE ATT&CK

2 techniques
Collection
Discovery
View detailed technique mapping

References

http://support.attachmate.com/techdocs/1704.html
support.attachmate.com
http://www.securityfocus.com/bid/94579
securityfocus.com
http://www.zerodayinitiative.com/advisories/ZDI-16-618
zerodayinitiative.com

Timeline

Published
Nov 29, 2016
Last Updated
May 6, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2016-5765 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows