IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (disrupted system operations) by uploading a file to a protected area.
https://exchange.xforce.ibmcloud.com/vulnerabilities/95860
http://www-01.ibm.com/support/docview.wss?uid=swg21684475