MasterSAM Star Gate v11 is vulnerable to a directory traversal attack via the endpoint /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially leading to the exposure of sensitive information.
In the API responsible for downloading logs in the Troubleshooting -> Download Log feature, the application does not perform path validation for the file specified through the file parameter. Additionally, users can call this API without authentication.
GET /adama/adama/downloadService?type={}&file={} HTTP/1.1
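
To check whether this endpoint has been probed, the web access log can be searched for requests to /adama/adama/downloadService whose file parameter leaves the log directory. The following is an added example, not code from the vendor or from the original advisory. It assumes a combined-format access log, and the sample lines, the type=log value and the file names in them are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/adama/adama/downloadService"   # endpoint named in the advisory
# Request part of a combined-format access log line (log format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded separators are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious_file(value):
    """True if the file parameter could resolve outside the log directory."""
    path = fully_decode(value).replace("\\", "/")
    if "\x00" in path or path.startswith("/") or re.match(r"^[A-Za-z]:", path):
        return True
    return ".." in path.split("/")

def scan(lines):
    """Return (line_number, decoded file value) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if url.path != ENDPOINT:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("file", []):
            if is_suspicious_file(value):
                hits.append((number, fully_decode(value)))
    return hits

# Constructed sample lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /adama/adama/downloadService?type=log&file=server.log HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /adama/adama/downloadService?type=log&file=../../conf/app.properties HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /adama/adama/downloadService?type=log&file=..%252f..%252fconf%252fapp.properties HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /adama/index.html?file=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: traversal-style file parameter: {value}")
```

Because the API can be called without authentication, any hit from an address that has no business using the Troubleshooting feature deserves review, and a 200 response on a flagged line suggests the file was actually served.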