Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code.
https://exchange.xforce.ibmcloud.com/vulnerabilities/13397
http://www.procheckup.com/security_info/vuln_pr0302.html