BigFix Patch Download Plug-ins are affected by path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal attacks.
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118565