Directory traversal vulnerability in Virtual Vertex Muster before 6.20 allows remote attackers to read arbitrary files via a \.. (backslash dot dot) in the URL.
https://exchange.xforce.ibmcloud.com/vulnerabilities/71513
http://www.security-assessment.com/files/documents/advisory/Muster-Arbitrary_File_Download.pdf