A directory traversal vulnerability exists in CA Unified Infrastructure Management. The vulnerability is due to insufficient input validation while processing HTTP requests sent to the download_lar.jsp. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious request to the vulnerable server. Successful exploitation results in arbitrary file download from the target server.