MRO Maximo Self Service 4 and 5 stores certain information under the web document root using file extensions that are not processed by Tomcat, which allows remote attackers to obtain sensitive information via a direct request for the file, such as MXServer.properties.
https://exchange.xforce.ibmcloud.com/vulnerabilities/20452
http://www.securityfocus.com/bid/13508