ServletExec contains a flaw that may allow a remote attacker to arbitrarily upload files. The problem is that the application does not restrict access to the 'com.unify.ewave.servletexec.UploadServlet' servlet. It is possible that the flaw may allow a remote attacker to create a HTML form and upload JSP files to the server and execute arbitrary commands resulting in a loss of integrity.
Upgrade to version 3.0E or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.