[原文]Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
RazLee Firewall+++ contains a flaw that allows a remote attacker to access files outside of the ftp root path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the ftp GET command.
Upgrade to version 11.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.