[Original text] Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
Bsafe/Global Security for iSeries Traversal File Restriction Bypass
Remote / Network Access
Loss of Confidentiality
Bsafe/Global Security for iSeries has been reported to contain a flaw that allows a remote attacker to access files outside of the FTP root path. The issue is reportedly due to the server not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the FTP GET command. However, subsequent testing and validation indicate that additional security controls prevent such attacks.
The reported vulnerability is incorrect. No solution is required.