Product: Axway File Transfer Direct, (The product is discontinued. Use the lastest version of this product.)
Version affected: 2.7.1
Axway is a software and services company registered in France with headquarters in Phoenix, Arizona. Established in 2001, Axway serves more than 11,000 organisations in 100 countries, with offices around the globe. Their award-winning products, solutions and services enable the business-critical transactions required to accelerate performance within and among enterprises - while providing management, security and governance on interactions throughout business networks.
File Transfer Direct is an ad hoc file exchange solution that brings enterprise-class managed file transfer (MFT) capabilities to familiar email interfaces and web-based clients. File Transfer Direct transparently applies administrator-defined policies while adding the security and audit capabilities required for corporate governance and regulatory compliance.
The unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass, %2e%2e instead of (/),URL encoding.
Axway File Transfer Direct - http://infosightsol.com/wordpress/wp-content/uploads/2012/11/Axway_Datasheet_File_Transfer_Direct_EN.pdf