The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile."Referenceshttp://www.zerodayinitiative.com/advisories/ZDI-14-386/
