The specific flaw exists within the edit_lf_get_data functionality of the AccuRev Reprise License Manager service. The issue lies in the handling of the lf parameter which can result in reading arbitrary files. An attacker could leverage this vulnerability to arbitrary files under the context of SYSTEM.
