CVE-2014-2588
CVE-2014-2588 affects McAfee Asset Manager 6.6, where the servlet/downloadReport endpoint is vulnerable through the reportFileName parameter. The root cause is directory traversal via a ".." input, allowing remote authenticated users to read arbitrary files on the server. Public sources from NVD ...