[原文]** DISPUTED ** Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable."
NetIQ Security Manager has been reported to contain a flaw allowing a remote attacker to access files outside of the FTP root path, bypassing its intended functionality. The original report indicated NetIQ and several other products were vulnerable to an underlying traversal issue in the iSeries product. Further examination and testing has revealed that NetiQ Security Manager is not vulnerable to this issue.
The vulnerability reported is incorrect. No solution required.