Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/91930
http://www.securitytracker.com/id/1029927