IdeaRe SpA IdeaRE RefTree is a web application for managing complex real estate situations from IdeaRe SpA, Italy. path traversal vulnerability exists in versions of IdeaRe SpA IdeaRE RefTree prior to 2021.09.17. The vulnerability stems from the failure of a web system or product to properly filter special elements in a resource or file path. An authenticated attacker could use this vulnerability to upload and download CAD drawing files of buildings.