Description
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may submit a crafted job request that grants read access to files on the filesystem with the permissions of the GXP Job Service process. The path to a file is not sanitized for directory traversal, potentially allowing an attacker to read sensitive files in some configurations.
References
www.baesystems.com/...oduct/geospatial-exploitation-products
www.geospatialexploitationproducts.com/...lities-disclosure/
