Symantec Management Console is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application. Information obtained could aid in further attacks.
Versions prior to Symantec Management Console ITMS 8.1 RU4 are vulnerable.
Information
Symantec Management Console ITMS 8.1 RU2
Symantec Management Console ITMS 8.1 RU1
Exploit
An attacker can exploit the issue through a browser.
References: