The host is installed with NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 and is prone to directory traversal vulnerability. A flaw is present in the application, which fails to handle directory traversal sequences in a log pathname. Successful exploitation allows remote authenticated users to create or overwrite arbitrary files.