ZDI-15-417
Sep 02, 2015 - 12:00 a.m.

(0Day) Borland AccuRev Reprise License Server edit_lf_get_data Command lf Parameter Path Traversal Read Vulnerability

2015-09-02 00:00:00
rgod
www.zerodayinitiative.com
9

This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of Borland AccuRev. Authentication is not required to exploit this vulnerability. The specific flaw exists within the edit_lf_get_data functionality of the AccuRev Reprise License Manager service. The issue lies in the handling of the lf parameter, which can result in reading arbitrary files. An attacker could leverage this vulnerability to read arbitrary files under the context of SYSTEM.