[原文]IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288.
IBM Sterling File Gateway is prone to directory-traversal and information-disclosure vulnerabilities.
An attacker can exploit these issues using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory or obtain sensitive information and perform other attacks.
IBM Sterling File Gateway 2.2 is vulnerable.
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: firstname.lastname@example.org.
Updates are available. Please see the references or vendor advisory for more information.