Bottomline Webseries Payment Application allows remote attackers to read arbitrary files on the network via a report template with modified ReportPath or ReportName values.
https://exchange.xforce.ibmcloud.com/vulnerabilities/18862
http://securitytracker.com/id?1012854